Certified in Risk and Information Systems Control (CRISC) — Question 1212

What is the MOST important information provided by key performance indicators (KPIs) in a risk management program?

Answer options

• A. Effectiveness of internal controls
• B. Effectiveness of risk ownership
• C. Performance of data loss controls
• D. Level of inherent business risk

Correct answer: A

Explanation

The correct answer is A because KPIs primarily measure how well internal controls are functioning to mitigate risks within an organization. While the other options are relevant to risk management, they do not provide the same level of insight into the effectiveness of controls as KPIs do.