Certified in Risk and Information Systems Control (CRISC) — Question 768

Which of the following BEST facilitates the mitigation of identified gaps between current and desired risk environment states?

Answer options

• A. Develop a risk treatment plan.
• B. Include the current and desired states in the risk register.
• C. Review results of prior risk assessments.
• D. Validate organizational risk appetite.

Correct answer: A

Explanation

Creating a risk treatment plan is essential as it outlines the specific actions to close the gaps between current and desired risk states. The other options, while useful in risk management, do not directly establish a proactive approach to mitigate the identified gaps.