Certified in Risk and Information Systems Control (CRISC) — Question 1220

A risk practitioner wants to identify potential risk events that affect the continuity of a critical business process. Which of the following should the risk practitioner do FIRST?

Answer options

• A. Evaluate current risk management alignment with relevant regulations.
• B. Conduct a benchmarking exercise against industry peers.
• C. Determine if business continuity procedures are reviewed and updated on a regular basis.
• D. Review the methodology used to conduct the business impact analysis (BIA).

Correct answer: D

Explanation

The correct answer is D because reviewing the methodology for the business impact analysis (BIA) ensures that the process for identifying potential risks is robust and accurate. The other options, while important, do not directly address the immediate need to understand how risks to business continuity are assessed.