Certified in Risk and Information Systems Control (CRISC) — Question 295

Which of the following would provide executive management with the BEST information to make risk decisions as a result of a risk assessment?

Answer options

• A. A quantitative presentation of risk assessment results
• B. A qualitative presentation of risk assessment results
• C. A comparison of risk assessment results to the desired state
• D. An assessment of organizational maturity levels and readiness

Correct answer: C

Explanation

Option C is correct because comparing risk assessment results to the desired state provides clear insights into gaps and areas needing attention, enabling better decision-making. The other options, while informative, do not directly correlate the current risk posture to the organization's objectives, which is critical for effective risk management.