Certified in Risk and Information Systems Control (CRISC) — Question 428

Which of the following risk-related information is MOST valuable to senior management when formulating an IT strategic plan?

Answer options

• A. Risk mitigation plans
• B. IT risk appetite statement
• C. Emerging IT risk scenarios
• D. Key risk indicators (KRIs)

Correct answer: B

Explanation

The IT risk appetite statement is crucial for senior management as it defines the level of risk the organization is willing to accept. While risk mitigation plans, emerging IT risk scenarios, and key risk indicators (KRIs) are useful, they support the implementation of the strategy rather than establishing the foundational risk parameters that guide decision-making.