CRISC Certified in Risk and Information Systems Control – Question661

A key risk indicator (KRI) is reported to senior management on a periodic basis as exceeding thresholds, but each time senior management has decided to take no action to reduce the risk. Which of the following is the MOST likely reason for senior management’s response?

A.
The underlying data source for the KRI is using inaccurate data and needs to be corrected.
B. The KRI threshold needs to be revised to better align with the organization’s risk appetite.
C. Senior management does not understand the KRI and should undergo risk training.
D. The KRI is not providing useful information and should be removed from the KRI inventory.

Correct Answer: B