Certified in Risk and Information Systems Control (CRISC) — Question 483

To obtain support from senior management for an increase in the risk mitigation budget, it is BEST to prioritize risk scenarios in the risk register based on:

Answer options

• A. open audit issues.
• B. residual risk.
• C. risk owner seniority.
• D. inherent risk.

Correct answer: B

Explanation

Prioritizing based on residual risk (B) ensures that the focus is on the risks that remain after mitigation efforts, which is critical for effective budget allocation. Open audit issues (A) may not capture the overall risk landscape, while risk owner seniority (C) is not a direct measure of risk severity. Inherent risk (D) does not account for the effectiveness of current controls.