Certified in Risk and Information Systems Control (CRISC) — Question 138

Which of the following is the MOST important reason to maintain key risk indicators (KRIs)?

Answer options

• A. In order to avoid risk
• B. Complex metrics require fine-tuning
• C. Risk reports need to be timely
• D. Threats and vulnerabilities change over time

Correct answer: D

Explanation

The correct answer is D because threats and vulnerabilities are not static; they can change frequently, necessitating the monitoring of KRIs to adapt to new risks. The other options, while relevant to risk management, do not capture the essential need to continuously track changes in the risk landscape.