Certified in Risk and Information Systems Control (CRISC) — Question 1136

Which of the following is MOST likely to trigger the need for a risk reassessment?

Answer options

• A. Risk assessment tools have changed.
• B. Audit programs have changed.
• C. A vulnerability has been identified within the industry.
• D. The scheduled review period has passed.

Correct answer: C

Explanation

The correct answer is C because identifying a vulnerability within the industry indicates a new threat that could affect the current risk profile, necessitating a reassessment. Options A and B refer to changes in tools and programs, which may not directly impact existing risks, while option D pertains to a time-based review that doesn't inherently indicate a need for reassessment.