Certified in Risk and Information Systems Control (CRISC) — Question 532

Which of the following BEST promotes alignment between IT risk management and enterprise risk management?

Answer options

• A. Using the same risk ranking methodology across IT and the business
• B. Obtaining senior management approval for IT policies and procedures
• C. Including IT risk scenarios in the organization's risk register
• D. Expressing risk treatment initiatives in financial terms

Correct answer: C

Explanation

Including IT risk scenarios in the organization's risk register ensures that IT risks are recognized and managed within the broader context of enterprise risks. While the other options may support risk management, they do not directly integrate IT risks into the overall risk framework as effectively as option C does.