Certified in Risk and Information Systems Control (CRISC) — Question 1405

A risk heat map is MOST commonly used as part of an IT risk analysis to facilitate risk:

Answer options

• A. treatment
• B. identification
• C. communication
• D. assessment

Correct answer: C

Explanation

The correct answer is C, as a risk heat map primarily serves to improve communication about risks by visually representing their severity and likelihood. Options A, B, and D, while they relate to risk management, do not capture the main purpose of a heat map, which is to convey information effectively to stakeholders.