Certified in Risk and Information Systems Control (CRISC) — Question 213

Which of the following is the MOST important reason to link an effective key control indicator (KCI) to relevant key risk indicators (KRIs)?

Answer options

• A. To obtain business buy-in for investment in risk mitigation measures
• B. To monitor the accuracy of threshold levels in metrics
• C. To monitor changes in the risk environment
• D. To provide input to management for the adjustment of risk appetite

Correct answer: C

Explanation

The correct answer, C, highlights the significance of monitoring changes in the risk environment, which is essential for effective risk management. While options A, B, and D may be relevant in certain contexts, they do not address the fundamental need to stay ahead of evolving risks, which is crucial for organizations to maintain resilience.