CRISC Certified in Risk and Information Systems Control – Question716

Which of the following is the MOST important outcome of reviewing the risk management process?

A.
Improving the competencies of employees who performed the review
B. Assuring the risk profile supports the IT objectives
C. Determining what changes should be made to IS policies to reduce risk
D. Determining that procedures used in risk assessment are appropriate

Correct Answer: B