Certified in Risk and Information Systems Control (CRISC) — Question 143

As part of an overall IT risk management plan, an IT risk register BEST helps management:

Answer options

• A. stay current with existing control status
• B. align IT processes with business objectives
• C. understand the organizational risk profile
• D. communicate the enterprise risk management policy

Correct answer: C

Explanation

The correct answer is C because an IT risk register provides a comprehensive overview of the risks faced by the organization, allowing management to understand the overall risk profile. Options A and B are important aspects of IT management but do not directly relate to the primary function of a risk register. Option D involves communication of policy rather than an understanding of risk.