Certified in Risk and Information Systems Control (CRISC) — Question 170
Which of the following is the MOST important objective of establishing an enterprise risk management (ERM) function within an organization?
Answer options
- A. To have a standard risk management process for complying with regulations
- B. To ensure risk profiles are presented in a consistent format within the organization
- C. To have a unified approach to risk management across the organization
- D. To optimize risk management resources across the organization
Correct answer: C
Explanation
The correct answer, C, emphasizes a cohesive strategy for managing risk throughout the organization, which is crucial for effective ERM. Option A focuses on regulatory compliance and option B on consistent presentation of risk profiles; both are important but secondary to having a unified approach. Option D addresses resource optimization, which is beneficial but not the main objective of ERM.