Certified in Risk and Information Systems Control (CRISC) — Question 916

When creating a separate IT risk register for a large organization, which of the following is MOST important to consider with regard to the existing corporate risk register?

Answer options

• A. Relying on generic IT risk scenarios
• B. Describing IT risk in business terms
• C. Leveraging business risk professionals
• D. Using a common risk taxonomy

Correct answer: D

Explanation

Using a common risk taxonomy is essential because it ensures alignment and consistency between the IT risk register and the corporate risk register, facilitating better communication and understanding of risks across the organization. The other options, while relevant, do not address the critical need for a shared framework that integrates IT risks with overall corporate risk management.