Certified in Risk and Information Systems Control (CRISC) — Question 747

Which of the following is MOST important to include in regulatory and risk updates when a new legal requirement affects the organization?

Answer options

• A. Recommended key risk indicator (KRI) thresholds.
• B. Cost of changes to critical business processes.
• C. Risk associated with noncompliance.
• D. Time frame to remediate noncompliance risk.

Correct answer: C

Explanation

The correct answer, C, highlights the importance of understanding the risks associated with noncompliance, which can lead to significant legal and financial consequences. Options A and B, while important, do not capture the immediate legal implications of noncompliance, and D, though relevant, focuses more on remediation rather than the risks of noncompliance itself.