CRISC Certified in Risk and Information Systems Control – Question067

You are the risk official of your enterprise. Your enterprise takes important decisions without considering risk credential information and is also unaware of external requirements for risk management and integration with enterprise risk management. In which of the following risk management capability maturity levels does your enterprise exist?

A. Level 1
B. Level 0
C. Level 5
D. Level 4

Correct Answer: B

Explanation:

Level 0 (nonexistent): An enterprise’s risk management capability maturity level is 0 when:

  • The enterprise does not recognize the need to consider risk management or the business impact from IT risk.
  • Decisions involving risk lack credible information.
  • Awareness of external requirements for risk management and integration with enterprise risk management (ERM) does not exist.

Incorrect Answers: A, C, D: These are all much higher levels of the risk management capability maturity model, and at all of these levels enterprises do take decisions considering the risk credential information. Moreover, at these levels the enterprise is aware of external requirements for risk management and integrates with ERM.