Certified in Risk and Information Systems Control (CRISC) — Question 1420

Which of the following is the MOST likely reason for a significant year-over-year increase in inherent risk?

Answer options

• A. Targeted cyberattacks against the organization's infrastructure
• B. A significant number of control failures identified during an audit
• C. A lack of defined risk ownership due to organizational changes
• D. An ineffective risk action plan validation process

Correct answer: A

Explanation

The correct answer is A because targeted cyberattacks can dramatically increase inherent risk by exposing vulnerabilities in an organization's defenses. Options B, C, and D are related to internal issues but do not directly result in a significant increase in inherent risk from external threats like cyberattacks.