CRISC Certified in Risk and Information Systems Control – Question 769

The PRIMARY objective for requiring an independent review of an organization's IT risk management process should be to:

A. ensure IT risk management is focused on mitigating potential risk.
B. confirm that IT risk assessment results are expressed as business impact.
C. assess gaps in IT risk management operations and strategic focus.
D. verify implemented controls to reduce the likelihood of threat materialization.

Correct Answer: C