Certified in Risk and Information Systems Control (CRISC) — Question 967

The MAIN reason for prioritizing IT risk responses is to enable an organization to:

Answer options

• A. determine the risk appetite.
• B. determine the budget.
• C. define key performance indicators (KPIs).
• D. optimize resource utilization.

Correct answer: D

Explanation

The correct answer, D, emphasizes that optimizing resource utilization is crucial for effectively managing risks. The other options, while important, do not directly relate to the prioritization of IT risk responses in terms of resource management and efficiency.