CRISC Certified in Risk and Information Systems Control – Question745

In addition to the risk register, what should a risk practitioner review to develop an understanding of the organization’s risk profile?

A.
The asset profile
B. Business objectives
C. The control catalog
D. Key risk indicators (KRIs)

Correct Answer: D