Certified in Risk and Information Systems Control (CRISC) — Question 976

Which of the following is a risk practitioner’s BEST course of action after identifying risk scenarios related to noncompliance with new industry regulations?

Answer options

• A. Recalculate the risk.
• B. Implement monitoring controls.
• C. Escalate to senior management.
• D. Transfer the risk.

Correct answer: C

Explanation

The best action is to escalate to senior management as they need to be made aware of compliance risks that could impact the organization. Recalculating the risk or implementing controls may not effectively address the urgency of the situation, while transferring the risk does not resolve the underlying compliance issue.