Certified in Risk and Information Systems Control (CRISC) — Question 1204

Which of the following BEST enables the development of a successful IT strategy focused on business risk mitigation?

Answer options

• A. Providing risk awareness training for business units
• B. Conducting a business impact analysis (BIA)
• C. Obtaining input from business management
• D. Understanding the business controls currently in place

Correct answer: C

Explanation

Obtaining input from business management is crucial because it ensures that the IT strategy aligns with the organization's goals and risk tolerance. While risk awareness training, a BIA, and understanding current controls are important, they do not directly involve leadership input, which is essential for a comprehensive strategy.