Certified in Risk and Information Systems Control (CRISC) — Question 300

Which of the following is MOST important to communicate to senior management during the initial implementation of a risk management program?

Answer options

• A. Risk ownership
• B. Best practices
• C. Desired risk level
• D. Regulatory compliance

Correct answer: C

Explanation

The desired risk level is vital for senior management to understand as it outlines the organization's risk tolerance and guides decision-making. While risk ownership, best practices, and regulatory compliance are important, they are secondary to establishing the acceptable levels of risk that the organization is willing to take on.