Certified in Risk and Information Systems Control (CRISC) — Question 669
Which of the following is the GREATEST concern when using a generic set of IT risk scenarios for risk analysis?
Answer options
- A. Inherent risk might not be considered
- B. Implementation costs might increase
- C. Risk factors might not be relevant to the organization
- D. Quantitative analysis might not be possible
Correct answer: C
Explanation
The primary concern with using generic IT risk scenarios is that the risk factors may not be applicable to the specific organization, leading to inaccurate assessments. While inherent risk, costs, and quantitative analysis are important considerations, they are secondary to the relevance of the identified risks to the organization's unique context.