Certified in Risk and Information Systems Control (CRISC) — Question 652

Due to a change in business processes, an identified risk scenario no longer requires mitigation. Which of the following is the MOST important reason the risk should remain in the risk register?

Answer options

• A. To track historical risk assessment results
• B. To prevent the risk scenario in the current environment
• C. To monitor for potential changes to the risk scenario
• D. To support regulatory requirements

Correct answer: C

Explanation

The correct answer is C because monitoring for potential changes allows the organization to stay aware of any factors that may reintroduce the risk. Option A is less critical as historical tracking is valuable but not as immediate. Option B is incorrect since the scenario no longer requires prevention. Option D, while important for compliance, does not address the ongoing relevance of the risk itself.