Certified in Risk and Information Systems Control (CRISC) — Question 322

Which of the following is the BEST way for a risk practitioner to help management prioritize risk response?

Answer options

• A. Assess risk against business objectives.
• B. Implement an organization-specific risk taxonomy.
• C. Align business objectives to the risk profile.
• D. Explain risk details to management.

Correct answer: A

Explanation

The correct answer is A because assessing risks in relation to business objectives allows management to see the direct impact on the organization's goals, making prioritization clearer. Options B and C, while useful, do not directly facilitate the prioritization process like option A does. Option D, although informative, does not aid directly in establishing priorities for risk response.