CRISC Certified in Risk and Information Systems Control – Question550

When evaluating enterprise IT risk management, it is MOST important to:

A.
create new control processes to reduce identified IT risk scenarios
B. review alignment with the organization’s investment plan
C. report identified IT risk scenarios to senior management
D. confirm the organization’s risk appetite and tolerance

Correct Answer: B