Certified in Risk and Information Systems Control (CRISC) — Question 164

Which of the following is the GREATEST advantage of implementing a risk management program?

Answer options

• A. Promoting a risk-aware culture
• B. Improving security governance
• C. Enabling risk-aware decisions
• D. Reducing residual risk

Correct answer: C

Explanation

The correct answer, C, highlights that a risk management program allows organizations to make informed decisions based on an understanding of risks. While promoting a risk-aware culture, improving security governance, and reducing residual risk are important, they are secondary benefits that support the primary goal of enabling risk-aware decision-making.