Certified in Risk and Information Systems Control (CRISC) — Question 969

An organization maintains independent departmental risk registers that are not automatically aggregated. Which of the following is the GREATEST concern?

Answer options

• A. Resources may be inefficiently allocated
• B. Management may be unable to accurately evaluate the risk profile
• C. Multiple risk treatment efforts may be initiated to treat a given risk
• D. The same risk factor may be identified in multiple areas

Correct answer: B

Explanation

The greatest concern is that without aggregation, management may not be able to get a comprehensive view of the organization's risk profile, leading to poor decision-making. While inefficient resource allocation, multiple treatments for the same risk, and overlapping risk factors are all issues, they stem from the inability to accurately evaluate risks across departments.