Certified in Risk and Information Systems Control (CRISC) — Question 86

When preparing a risk status report for periodic review by senior management, it is MOST important to ensure the report includes:

Answer options

• A. recommendations by an independent risk assessor
• B. a summary of incidents that have impacted the organization
• C. a detailed view of individual risk exposures
• D. risk exposure in business terms

Correct answer: D

Explanation

The correct answer is D because presenting risk exposure in business terms helps senior management understand the potential impact on the organization’s objectives and resources. Options A, B, and C, while valuable, do not focus on translating risk exposure into the context that management needs for informed decision-making.