Certified in Risk and Information Systems Control (CRISC) — Question 370

Which of the following is the MOST important outcome of reviewing the risk management process?

Answer options

• A. Improving the competencies of employees who performed the review
• B. Assuring the risk profile supports the IT objectives
• C. Determining what changes should be made to IS policies to reduce risk
• D. Determining that procedures used in risk assessment are appropriate

Correct answer: B

Explanation

The correct answer, B, emphasizes the importance of aligning the risk profile with IT objectives, which ensures that risk management supports the organization’s strategic goals. The other options, while relevant, focus more on procedural improvements or employee competencies rather than directly linking risk management outcomes to IT objectives.