Certified in Risk and Information Systems Control (CRISC) — Question 698

Which of the following is the PRIMARY purpose of periodically reviewing an organization's risk profile?

Answer options

• A. Design and implement risk response action plans
• B. Align business objectives with risk appetite
• C. Enable risk-based decision making
• D. Update risk responses in the risk register

Correct answer: C

Explanation

The primary purpose of reviewing an organization's risk profile is to enable risk-based decision making, allowing for informed choices that reflect the current risk landscape. While designing risk response action plans, aligning business objectives with risk appetite, and updating risk responses are important tasks, they are secondary to the critical need for decision making grounded in an understanding of risks.