Certified in Risk and Information Systems Control (CRISC) — Question 50

Which of the following is MOST important when discussing risk within an organization?

Answer options

• A. Adopting a common risk taxonomy.
• B. Creating a risk communication policy.
• C. Using key performance indicators (KPIs).
• D. Using key risk indicators (KRIs).

Correct answer: A

Explanation

Adopting a common risk taxonomy is essential because it provides a standardized framework for identifying and assessing risks across the organization, facilitating better communication and understanding. The other options, while important, do not provide the foundational structure necessary for effective risk management like a common taxonomy does.