Certified in Risk and Information Systems Control (CRISC) — Question 99

When defining thresholds for control key performance indicators (KPIs), it is MOST helpful to align:

Answer options

• A. key risk indicators (KRIs) with risk appetite of the business
• B. the control key performance indicators (KPIs) with audit findings
• C. control performance with risk tolerance of business owners
• D. information risk assessments with enterprise risk assessments

Correct answer: C

Explanation

Aligning control performance with the risk tolerance of business owners ensures that KPIs are relevant and effectively measure the risk that the organization is willing to accept. The other options, while important, do not directly connect the control KPIs to the specific risk tolerance levels that influence business decisions.