Certified in Risk and Information Systems Control (CRISC) — Question 242

Which of the following is MOST appropriate method to evaluate the potential impact of legal, regulatory, and contractual requirements on business objectives?

Answer options

• A. Communication with business process stakeholders
• B. Compliance-oriented business impact analysis
• C. Compliance-oriented gap analysis
• D. Mapping of compliance requirements to policies and procedures

Correct answer: B

Explanation

The correct answer, B, is the most suitable method as it specifically addresses how compliance factors influence business objectives through a structured analysis. While A, C, and D may contribute to understanding compliance, they do not directly evaluate the impact on business goals as comprehensively as a compliance-oriented business impact analysis does.