Certified in Risk and Information Systems Control (CRISC) — Question 29

A business unit is updating a risk register with assessment results for a key project. Which of the following is MOST important to capture in the register?

Answer options

• A. Action plans to address risk scenarios requiring treatment
• B. The team that performed the risk assessment
• C. An assigned risk manager to provide oversight
• D. The methodology used to perform the risk assessment

Correct answer: A

Explanation

The most critical information to document in the risk register is the action plans to manage risks that need treatment, as these directly address the identified risks. While the team, risk manager, and methodology are important, they do not have the same immediate impact on managing the risks effectively.