Certified in Risk and Information Systems Control (CRISC) — Question 921

Which of the following is MOST helpful in providing a high-level overview of current IT risk severity?

Answer options

• A. Risk mitigation plans
• B. Risk appetite statement
• C. Heat map
• D. Key risk indicators (KRIs)

Correct answer: C

Explanation

A heat map visually represents the severity of risks, making it easier to understand and communicate the overall risk landscape at a glance. Risk mitigation plans and key risk indicators (KRIs) provide detailed insights and measurements but do not offer the high-level overview that a heat map does. A risk appetite statement outlines the level of risk an organization is willing to accept but does not show current risk severity.