Certified in Risk and Information Systems Control (CRISC) — Question 307
What is the GREATEST concern with maintaining decentralized risk registers instead of a consolidated risk register?
Answer options
- A. Aggregated risk may exceed the enterprise's risk appetite and tolerance.
- B. Duplicate resources may be used to manage risk registers.
- C. Standardization of risk management practices may be difficult to enforce.
- D. Risk analysis may be inconsistent due to non-uniform impact and likelihood scales.
Correct answer: D
Explanation
The correct answer, D, highlights that maintaining multiple registers can lead to varying methods of risk assessment, such as non-uniform impact and likelihood scales, which makes risk analysis inconsistent. While options A, B, and C are valid concerns, they do not directly address the inconsistency in risk analysis that arises from decentralized practices, which is the most significant issue.