Certified in Risk and Information Systems Control (CRISC) — Question 418

Which of the following is MOST helpful in aligning IT risk with business objectives?

Answer options

• A. Performing a business impact analysis (BIA)
• B. Integrating the results of top-down risk scenario analyses
• C. Introducing an approved IT governance framework
• D. Implementing a risk classification system

Correct answer: B

Explanation

Integrating the results of top-down risk scenario analyses allows organizations to directly relate IT risks to business objectives, ensuring alignment. In contrast, a business impact analysis (A) identifies potential impacts but does not directly align risks with objectives, while an IT governance framework (C) provides structure without necessarily ensuring alignment. A risk classification system (D) categorizes risks but does not address their alignment with business goals.