Certified in Risk and Information Systems Control (CRISC) — Question 473

Which of the following is the PRIMARY consideration when establishing an organization's risk management methodology?

Answer options

• A. Risk tolerance level
• B. Benchmarking information
• C. Resource requirements
• D. Business context

Correct answer: D

Explanation

The correct answer is D, as understanding the business context is crucial for tailoring the risk management methodology to the specific needs and objectives of the organization. Options A, B, and C are important but serve as secondary considerations that should align with the overarching business context.