CRISC Certified in Risk and Information Systems Control – Question466

What is the PRIMARY reason to categorize risk scenarios by business process?

A.
To determine aggregated risk levels by risk owner
B. To identify situations that result in over-control
C. To enable management to implement cost-effective risk mitigation
D. To show business activity deficiencies that need to be improved

Correct Answer: C