Certified in Risk and Information Systems Control (CRISC) — Question 253

Which of the following is the BEST indication that an organization is following a mature risk management process?

Answer options

• A. Executive management receives periodic risk awareness training.
• B. Attributes of each risk scenario have been documented within the risk register.
• C. The risk register is frequently utilized for decision-making.
• D. A dashboard has been developed for senior management to provide real-time risk values.

Correct answer: C

Explanation

The correct answer, C, indicates that the risk register is actively integrated into decision-making processes, showcasing a mature risk management approach. While options A, B, and D reflect important elements of risk management, they do not necessarily demonstrate the active application of risk information in decision-making as effectively as option C does.