Certified in Risk and Information Systems Control (CRISC) — Question 891

Which of the following is the PRIMARY reason to conduct risk assessments at periodic intervals?

Answer options

• A. To promote a risk-aware culture among staff
• B. To ensure emerging risk is identified and monitored
• C. To ensure risk trend data is collected and reported
• D. To establish the maturity level of risk assessment processes

Correct answer: B

Explanation

The correct answer, B, emphasizes the importance of identifying and monitoring new risks that may arise over time. While promoting a risk-aware culture, collecting trend data, and establishing maturity levels are important, they are secondary to the immediate need to recognize and manage emerging risks effectively.