Certified in Risk and Information Systems Control (CRISC) — Question 846

A risk practitioner has been asked to evaluate the adoption of a third-party blockchain integration platform based on the value added by the platform and the organization's risk appetite. Which of the following is the risk practitioner's BEST course of action?

Answer options

• A. Update the risk register with the process changes.
• B. Review risk related to standards and regulations.
• C. Conduct a risk assessment with stakeholders.
• D. Conduct third-party resilience tests.

Correct answer: C

Explanation

The best action for the risk practitioner is to conduct a risk assessment with stakeholders, as it allows for a comprehensive evaluation of risks while considering the input of those affected. Updating the risk register or reviewing standards alone may not adequately address the specific risks associated with the new platform. Conducting resilience tests is beneficial but does not provide a holistic view of the risks involved in the adoption process.