Certified in Risk and Information Systems Control (CRISC) — Question 514
Which of the following is the MOST important responsibility of an IT risk committee charged with overseeing IT risk management?
Answer options
- A. Conduct regular surveys to assess organizational risk awareness
- B. Implement an industry-recognized IT risk management framework
- C. Ensure significant risk scenarios are elevated to the board
- D. Develop and communicate an IT risk RACI chart
Correct answer: C
Explanation
The correct answer is C: the IT risk committee must ensure that significant risk scenarios are communicated to the board, because the board is responsible for overall governance. Option A, while important, focuses on awareness rather than direct risk management; option B concerns the implementation of frameworks, which is secondary to reporting risks; and option D pertains to communication but does not directly affect governance at the board level.