Certified in Risk and Information Systems Control (CRISC) — Question 144
Which of the following is the BEST method to maintain a common view of IT risk within an organization?
Answer options
- A. Establishing and communicating the IT risk profile
- B. Performing and publishing an IT risk analysis
- C. Collecting data for IT risk assessment
- D. Utilizing a balanced scorecard
Correct answer: A
Explanation
The best way to maintain a common view of IT risk is to establish and communicate the IT risk profile, as it provides a clear framework for understanding risk. Performing an IT risk analysis and collecting data are important, but they do not ensure that all stakeholders share a unified perspective as effectively as a communicated risk profile does. A balanced scorecard focuses on performance metrics rather than directly addressing the understanding of IT risk.