Certified in Risk and Information Systems Control (CRISC) — Question 1238

Which of the following statements are true for enterprise's risk management capability maturity level 3?

Answer options

• A. Workflow tools are used to accelerate risk issues and track decisions
• B. The business knows how IT fits in the enterprise risk universe and the risk portfolio view
• C. The enterprise formally requires continuous improvement of risk management skills, based on clearly defined personal and enterprise goals
• D. Risk management is viewed as a business issue, and both the drawbacks and benefits of risk are recognized

Correct answer: A, B, D

Explanation

The correct statements A, B, and D highlight key aspects of risk management at maturity level 3, such as the use of workflow tools, understanding of IT's role, and recognition of risk as a business issue. Option C, while important, is not explicitly tied to maturity level 3 requirements, which focus more on the practical application and recognition of risk management rather than formal mandates for improvement.