Certified in Risk and Information Systems Control (CRISC) — Question 57

Which of the following is the best reason for performing risk assessment?

Answer options

• A. To determine the present state of risk
• B. To analyze the effect on the business
• C. To satisfy regulatory requirements
• D. To budget appropriately for the application of various controls

Correct answer: A

Explanation

The best reason for performing a risk assessment is to determine the present state of risk, which allows organizations to identify existing vulnerabilities. While analyzing the effect on business, satisfying regulatory requirements, and budgeting for controls are important, they are secondary to understanding the current risk landscape.