Certified in Risk and Information Systems Control (CRISC) — Question 371

Which of the following is the PRIMARY objective of providing an aggregated view of IT risk to business management?

Answer options

• A. To provide consistent and clear terminology
• B. To allow for proper review of risk tolerance
• C. To identify dependencies for reporting risk
• D. To enable consistent data on risk to be obtained

Correct answer: D

Explanation

The primary objective is to ensure that consistent data on risk can be gathered, which supports informed decision-making. Options A, B, and C focus on aspects that contribute to understanding risk but do not directly address the need for consistency in data, which is essential for effective risk management.