Certified in Risk and Information Systems Control (CRISC) — Question 696

Which of the following is MOST important when considering risk in an enterprise risk management (ERM) process?

Answer options

• A. Risk identified by industry benchmarking is included.
• B. Financial risk is given a higher priority.
• C. Risk with strategic impact is included.
• D. Security strategy is given a higher priority.

Correct answer: C

Explanation

The correct answer is C because risks that have strategic impact can influence the overall direction and success of the organization. While financial risks and security strategies are important, they should align with the strategic goals of the enterprise, making strategic impact the priority in the ERM process.