Certified in Risk and Information Systems Control (CRISC) — Question 452

Which of the following is the BEST indicator of executive management's support for IT risk mitigation efforts?

Answer options

• A. The number of executives attending IT security awareness training
• B. The percentage of incidents presented to the board
• C. The percentage of corporate budget allocated to IT risk activities
• D. The number of stakeholders involved in IT risk identification workshops

Correct answer: C

Explanation

The correct answer is C because allocating a significant portion of the corporate budget to IT risk activities demonstrates a strong commitment from executive management to prioritize and address IT risks. In contrast, the other options may reflect involvement or awareness but do not indicate the same level of financial support or strategic importance placed on managing IT risks.