Certified in Risk and Information Systems Control (CRISC) — Question 159

Which of the following provides the BEST measurement of an organization's risk management maturity level?

Answer options

• A. IT alignment to business objectives
• B. Level of residual risk
• C. Key risk indicators (KRIs)
• D. The results of a gap analysis

Correct answer: D

Explanation

The results of a gap analysis provide a comprehensive view of the current state of risk management compared to best practices, making it the best measure of maturity. In contrast, IT alignment to business objectives, residual risk, and key risk indicators may reflect aspects of risk management but do not offer a complete maturity assessment.