Certified in Risk and Information Systems Control (CRISC) — Question 773

Which of the following is necessary to enable an IT risk register to be consolidated with the rest of the organization's risk register?

Answer options

• A. Risk appetite
• B. Risk response
• C. Risk taxonomy
• D. Risk ranking

Correct answer: C

Explanation

The correct answer is C, as a risk taxonomy provides a structured classification of risks, which is essential for integrating various risk registers. Options A, B, and D do not address the need for a standardized framework to combine different risk registers effectively.