Certified in Risk and Information Systems Control (CRISC) — Question 664

Which of the following is MOST important to promoting a risk-aware culture?

Answer options

• A. Communication of audit findings
• B. Open communication of risk reporting
• C. Procedures for security monitoring
• D. Regular testing of risk controls

Correct answer: B

Explanation

Open communication of risk reporting is vital because it ensures that all employees are informed about potential risks, which encourages proactive risk management. While communication of audit findings, monitoring procedures, and testing controls are important, they do not foster a comprehensive understanding of risk across the organization like open reporting does.