Certified in Risk and Information Systems Control (CRISC) — Question 1257

Which of the following is the PRIMARY reason to obtain independent reviews of risk assessment and response mechanisms?

Answer options

• A. To minimize the subjectivity of risk assessment results
• B. To correct errors in the risk assessment process
• C. To ensure risk thresholds are properly defined
• D. To validate impact and probability ratings

Correct answer: A

Explanation

The correct answer is A because obtaining independent reviews helps to reduce personal biases that can affect risk assessment outcomes. Options B, C, and D, while important, are secondary benefits that may arise but do not address the primary goal of minimizing subjectivity.