Certified in Risk and Information Systems Control (CRISC) — Question 1133

Which of the following is the BEST method for assessing the current effectiveness of an organization’s risk management program against its desired level of capability?

Answer options

• A. Risk management maturity model
• B. Risk management improvement program
• C. Internal audit review
• D. Benchmarking with peer organizations

Correct answer: A

Explanation

The Risk management maturity model provides a structured way to assess the effectiveness of a risk management program by evaluating its maturity level against established criteria. Other options like a Risk management improvement program focus on enhancements, an Internal audit review assesses compliance and controls, and Benchmarking with peer organizations compares performance but may not directly measure capability levels.