Certified in Risk and Information Systems Control (CRISC) — Question 1150

Which of the following would be MOST helpful to review when prioritizing the implementation of multiple IT-related initiatives?

Answer options

• A. Risk policy
• B. Risk profile
• C. Risk assessment results
• D. Risk awareness program objectives

Correct answer: C

Explanation

The correct answer is C, as risk assessment results provide specific insights into potential threats and vulnerabilities associated with each initiative, enabling informed prioritization. Options A, B, and D contribute to understanding risk but do not offer the detailed data necessary for effective prioritization like the assessment results do.