Certified in Risk and Information Systems Control (CRISC) — Question 898

The IT risk profile is PRIMARILY a communication tool for:

Answer options

• A. external stakeholders.
• B. senior management.
• C. internal audit.
• D. regulators.

Correct answer: B

Explanation

The correct answer is B, as the IT risk profile is mainly designed to inform senior management about the organization's IT risks and their potential impact. While external stakeholders, internal auditors, and regulators may also find this information useful, the primary audience is senior management who need to make informed decisions based on the presented risks.