Certified in Risk and Information Systems Control (CRISC) — Question 1180

Which of the following is the PRIMARY reason to periodically assess risk management capabilities?

Answer options

• A. To determine changes in risk profile
• B. To monitor risk factors
• C. To measure return on control investments
• D. To determine opportunities for improvement

Correct answer: D

Explanation

The correct answer, D, emphasizes the importance of identifying opportunities for improvement in risk management processes, which is essential for maintaining effective risk controls. Options A, B, and C, while relevant, do not directly address the need for continual enhancement of risk management capabilities.