Certified in Risk and Information Systems Control (CRISC) — Question 264

Which of the following statements is true for risk analysis?

Answer options

• A. Risk analysis should assume an equal degree of protection for all assets.
• B. Risk analysis should give more weight to the likelihood than the size of loss.
• C. Risk analysis should limit the scope to a benchmark of similar companies
• D. Risk analysis should address the potential size and likelihood of loss.

Correct answer: D

Explanation

The correct answer is D because effective risk analysis evaluates both the potential impact (size) and the probability (likelihood) of loss to provide a comprehensive risk assessment. Option A is incorrect as assets often have varying levels of protection. Option B is wrong because both likelihood and size of loss are critical in determining risk. Option C is misleading, as risk analysis should consider a broader context beyond just similar companies.