Certified in Risk and Information Systems Control (CRISC) — Question 735

Which of the following risk management practices BEST facilitates the incorporation of IT risk scenarios into the enterprise-wide risk register?

Answer options

• A. Key risk indicators (KRIs) are developed for key IT risk scenarios.
• B. IT risk scenarios are developed in the context of organizational objectives.
• C. IT risk scenarios are assessed by the enterprise risk management team.
• D. Risk appetites for IT risk scenarios are approved by key business stakeholders.

Correct answer: B

Explanation

Option B is correct because developing IT risk scenarios in relation to organizational objectives ensures alignment with the overall risk management strategy. The other options, while relevant, do not directly address the incorporation of IT risks into the enterprise-wide risk register as effectively as aligning them with organizational goals.