Certified in Risk and Information Systems Control (CRISC) — Question 416

Which of the following is the MOST effective approach for an organization to establish and promote a strong risk culture?

Answer options

• A. Map risk management policies and procedures to business objectives
• B. Appoint a risk management steering committee with business representation
• C. Incorporate risk management objectives into job descriptions
• D. Obtain senior management commitment for organization-wide risk awareness

Correct answer: D

Explanation

The correct answer, D, emphasizes the importance of senior management's support in fostering a risk-aware environment throughout the organization. While the other options contribute to risk management, they do not have the same level of impact on instilling a comprehensive culture of risk awareness as senior management commitment does.