Certified in Risk and Information Systems Control (CRISC) — Question 1182

Which of the following is the PRIMARY purpose of periodically updating an organization's risk profile?

Answer options

• A. Inform senior management of changes in the risk environment.
• B. Provide a risk-based audit program.
• C. Identify gaps between policies and procedures.
• D. Prioritize management-initiated reviews.

Correct answer: A

Explanation

The primary goal of periodically updating an organization's risk profile is to keep senior management informed of changes in the risk environment, enabling them to make informed decisions. Options B, C, and D, while important, are secondary functions that arise from having an updated risk profile rather than being the main purpose.