Certified in Risk and Information Systems Control (CRISC) — Question 79

Which of the following activities would BEST contribute to promoting an organization-wide risk-aware culture?

Answer options

• A. Communicating components of risk and their acceptable levels
• B. Performing a benchmark analysis and evaluating gaps
• C. Participating in peer reviews and implementing best practices
• D. Conducting risk assessments and implementing controls

Correct answer: A

Explanation

Option A is correct because effective communication of risk components and acceptable levels is essential for building a shared understanding of risk across the organization. The other options, while valuable for risk management, focus more on analysis, best practices, and controls rather than promoting a culture of awareness.