CRISC Certified in Risk and Information Systems Control – Question115

Which of the following are the principles of risk management? Each correct answer represents a complete solution. Choose three.

A. Risk management should be an integral part of the organization
B. Risk management should be a part of decision-making
C. Risk management is the responsibility of executive management
D. Risk management should be transparent and inclusive

Correct Answer: ABD

Explanation:
The International Organization for Standardization (ISO) identifies the following principles of risk management in ISO 31000:2009 (the 2018 revision condenses them into eight). Risk management should:

  • create value
  • be an integral part of organizational processes
  • be part of decision making
  • explicitly address uncertainty
  • be systematic, structured and timely
  • be based on the best available information
  • be tailored
  • take human and cultural factors into account
  • be transparent and inclusive
  • be dynamic, iterative, and responsive to change
  • facilitate continual improvement and enhancement of the organization

Option C is not one of these principles. Executive management is accountable for setting risk governance and appetite, but managing risk is a shared responsibility across all levels of the organization, not something that rests with executives alone.