CRISC Certified in Risk and Information Systems Control – Question142

Which of the following is NOT true for risk governance?

A.
Risk governance is based on the principles of cooperation, participation, mitigation and sustainability, and is adopted to achieve more effective risk management.
B. Risk governance requires reporting once a year.
C. Risk governance seeks to reduce risk exposure and vulnerability by filling gaps in risk policy.
D. Risk governance is a systemic approach to decision making processes associated to natural and technological risks.

Correct Answer: B

Explanation:

Explanation: Risk governance is a continuous life cycle that requires regular reporting and ongoing review, not once a year.
Incorrect Answers:
A, C, D: These are true for risk governance.