Certified in Risk and Information Systems Control (CRISC) — Question 604

Which activity would BEST enable a risk manager to verify the scope of responsibilities for stakeholders in IT risk scenarios?

Answer options

• A. Tabletop exercise
• B. Risk assessment
• C. Vulnerability assessment
• D. Interviews with IT staff

Correct answer: A

Explanation

A tabletop exercise allows stakeholders to engage in simulated scenarios, helping them clarify their roles and responsibilities in managing IT risks. While risk assessments and vulnerability assessments are important, they focus more on identifying risks rather than confirming stakeholder responsibilities. Interviews with IT staff may provide insights, but they lack the collaborative aspect that a tabletop exercise offers.