Certified in Risk and Information Systems Control (CRISC) — Question 1387
Where should a risk practitioner document the current state and desired future state of organizational risk?
Answer options
- A. Business continuity plan (BCP)
- B. Risk management strategy
- C. Risk action plan
- D. Risk register
Correct answer: D
Explanation
The correct answer is D, the Risk register, as it is specifically designed to capture the current and future states of risk within an organization. The other options, such as the Business continuity plan (BCP), Risk management strategy, and Risk action plan, serve different purposes in the risk management process and do not focus on documenting the state of risks.