Certified in Risk and Information Systems Control (CRISC) — Question 737

In addition to the risk register, what should a risk practitioner review to develop an understanding of the organization's risk profile?

Answer options

• A. The asset profile
• B. Business objectives
• C. The control catalog
• D. Key risk indicators (KRIs)

Correct answer: B

Explanation

The correct answer is B, as understanding the organization's business objectives is crucial for identifying potential risks that may impact those goals. The other options, while relevant to risk management, do not provide as comprehensive an understanding of the organization's overall risk profile in relation to its strategic aims.