Certified in Risk and Information Systems Control (CRISC) — Question 525

Which of the following would be of GREATEST concern to a risk practitioner following an annual review of the risk monitoring process?

Answer options

• A. There is a lack of reporting when a key risk indicator (KRI) exceeds its thresholds.
• B. The list of stakeholders for alert notifications is outdated.
• C. There is a significant number of manual risk monitoring processes.
• D. The frequency of reporting to management is misaligned with corporate standards.

Correct answer: A

Explanation

The greatest concern is option A because if there is no reporting when a KRI surpasses its thresholds, it can lead to unaddressed risks that may escalate. Option B, while important, does not directly affect risk management; option C indicates inefficiency but may not immediately impact risk awareness; option D pertains to reporting standards but does not directly relate to risk threshold breaches.