Certified in Risk and Information Systems Control (CRISC) — Question 522

Which of the following is MOST important for a risk practitioner to include in a report for senior management on the risk related to the adoption of cloud computing?

Answer options

• A. Compliance with existing security controls
• B. Results of a cost-benefit analysis
• C. Comparison with competitive risk benchmarks
• D. Alignment with organizational risk appetite

Correct answer: D

Explanation

The correct answer is D because aligning with the organization's risk appetite ensures that the cloud computing risks are acceptable within the broader context of the organization's risk strategy. Options A, B, and C, while relevant, do not address the fundamental need to match risk levels with the organization's overall risk tolerance.