Certified in Risk and Information Systems Control (CRISC) — Question 715

Which of the following is MOST important for maintaining the effectiveness of an IT risk register?

Answer options

• A. Recording and tracking the status of risk response plans within the register.
• B. Communicating the register to key stakeholders.
• C. Performing regular reviews and updates to the register.
• D. Removing entries from the register after the risk has been treated.

Correct answer: C

Explanation

The correct answer is C because regular reviews and updates ensure that the risk register reflects the current risk landscape and response strategies. Options A and B are important but secondary to the need for ongoing evaluation. Option D is incorrect as it could lead to a lack of historical context and understanding of past risks.