Certified in Risk and Information Systems Control (CRISC) — Question 520

Which of the following would be MOST helpful to management when reviewing enterprise risk appetite and tolerance?

Answer options

• A. SWOT analysis results
• B. Risk mitigation plans
• C. Internal audit recommendations
• D. Threat analysis results

Correct answer: D

Explanation

Threat analysis results provide critical insights into potential risks and vulnerabilities that the organization faces, making them essential for understanding risk appetite and tolerance. In contrast, SWOT analysis, risk mitigation plans, and internal audit recommendations, while important, do not directly address the current threats and risks that could impact the enterprise's decisions on risk management.