Certified in Risk and Information Systems Control (CRISC) — Question 1291

Which of the following is the PRIMARY purpose of developing a risk register?

Answer options

• A. To provide a means to identify risk scenarios requiring mitigation
• B. To provide a means to respond to risk as it arises
• C. To provide a means to identify relevant threat actors
• D. To provide a means to track risk as it is identified

Correct answer: A

Explanation

The primary purpose of a risk register is to identify risk scenarios that need mitigation, making option A the correct choice. Options B and D focus on response and tracking, respectively, which are secondary functions. Option C is not aligned with the main goal of a risk register, as it deals with threat actors rather than risk scenarios.