Certified in Risk and Information Systems Control (CRISC) — Question 1140

To drive effective risk management, it is MOST important that an organization’s policy framework is:

Answer options

• A. mapped to an industry-standard framework.
• B. aligned to the functional business structure.
• C. approved by relevant stakeholders.
• D. included in employee onboarding materials.

Correct answer: C

Explanation

The correct answer is C because stakeholder approval ensures that the policies are accepted and supported throughout the organization, which is essential for effective implementation. Options A and B are important but secondary to having the policies endorsed by those who have a vested interest in their success. Option D, while valuable for awareness, does not directly impact the effectiveness of risk management itself.