Certified in Risk and Information Systems Control (CRISC) — Question 1178

Which of the following is the PRIMARY objective of the risk identification process?

Answer options

• A. To expand organizational awareness and knowledge of identified risk scenarios
• B. To reduce risk faced by the organization to an acceptable level
• C. To ensure control objectives align with business objectives
• D. To determine possible risk events that could jeopardize business objectives

Correct answer: D

Explanation

The correct answer is D because the primary aim of risk identification is to pinpoint potential risk events that could impact the business's goals. Options A, B, and C, while relevant to risk management, focus on awareness, mitigation, and alignment rather than the fundamental task of identifying risks.