Certified in Risk and Information Systems Control (CRISC) — Question 1384

The GREATEST concern when maintaining a risk register is that:

Answer options

• A. executive management does not perform periodic reviews.
• B. significant changes in risk factors are excluded.
• C. IT risk is not linked with IT assets.
• D. impacts are recorded in qualitative terms.

Correct answer: B

Explanation

The correct answer, B, highlights the importance of including all significant changes in risk factors to ensure the risk register remains relevant. If these changes are omitted, it compromises the effectiveness of the risk management process. The other options, while relevant, do not address the core concern of accurately reflecting risk factors in the register.