Certified in Risk and Information Systems Control (CRISC) — Question 736

In an organization with a mature risk management program, which of the following would provide the BEST evidence that the IT risk profile is up to date?

Answer options

• A. Risk questionnaire
• B. Risk register
• C. Compliance manual
• D. Management assertion

Correct answer: B

Explanation

The Risk register is the most effective tool for tracking and updating the IT risk profile as it contains detailed information about identified risks, their assessments, and management actions. In contrast, a Risk questionnaire may provide insights but lacks comprehensive tracking, while a Compliance manual and Management assertion do not specifically focus on the current risk landscape.