Certified in Risk and Information Systems Control (CRISC) — Question 662

Which of the following situations presents the GREATEST challenge to creating a comprehensive IT risk profile of an organization?

Answer options

• A. Manual vulnerability scanning processes
• B. Inaccurate documentation of enterprise architecture (EA)
• C. Organizational reliance on third-party service providers
• D. Risk-averse organizational risk appetite

Correct answer: B

Explanation

Inaccurate documentation of enterprise architecture (EA) makes it challenging to identify and assess risks effectively, as it hinders understanding of the organization's IT structure. While manual vulnerability scanning processes, reliance on third-party providers, and a risk-averse appetite may present challenges, they do not impede the foundational understanding of risks like inaccurate EA documentation does.