CRISC Certified in Risk and Information Systems Control – Question721

Which of the following is the PRIMARY objective of providing an aggregated view of IT risk to business management?

A.
To provide consistent and clear terminology
B. To allow for proper review of risk tolerance
C. To identify dependencies for reporting risk
D. To enable consistent data on risk to be obtained

Correct Answer: B