Certified in Risk and Information Systems Control (CRISC) — Question 1221

Which of the following is the MOST important information for determining inherent risk?

Answer options

• A. The effectiveness of controls in place to prevent the risk
• B. Loss the risk has historically caused
• C. The IT risk manager's view of emerging risk
• D. The maturity of the control environment

Correct answer: B

Explanation

The correct answer is B, as understanding the historical losses related to a risk provides essential context for evaluating its inherent risk. Options A, C, and D focus on controls and perspectives that may affect risk management but do not address the risk's potential impact based on past occurrences.