Certified in Risk and Information Systems Control (CRISC) — Question 507
Which of the following will MOST effectively align IT controls with corporate risk tolerance?
Answer options
- A. Benchmarks against industry leading practices
- B. Internal policies approved by stakeholders
- C. Key performance indicators (KPIs) approved by stakeholders
- D. Risk management framework
Correct answer: B
Explanation
The correct answer is B: internal policies approved by stakeholders are specifically designed to align IT controls with the organization’s risk tolerance. Benchmarks, KPIs, and risk management frameworks are important, but they do not provide the same direct alignment with corporate risk tolerance that approved internal policies do.