Certified in Risk and Information Systems Control (CRISC) — Question 905

Which of the following is the BEST way for a risk practitioner to present an annual risk management update to the board?

Answer options

• A. A summary of IT risk scenarios with business cases
• B. A summary of risk response plans with validation results
• C. A report with control environment assessment results
• D. A dashboard summarizing key risk indicators (KRIs)

Correct answer: D

Explanation

The best approach is to use a dashboard summarizing key risk indicators (KRIs), as it provides a clear and concise visual representation of risks that are most critical to the organization. The other options, while informative, may not convey the information as effectively or in a format that is easily digestible for board members.