Exam CRISC topic 1 question 550 discussion

Actual exam question from Isaca's CRISC
Question #: 550
Topic #: 1

When evaluating enterprise IT risk management, it is MOST important to:

  • A. create new control processes to reduce identified IT risk scenarios
  • B. review alignment with the organization's investment plan
  • C. report identified IT risk scenarios to senior management
  • D. confirm the organization's risk appetite and tolerance
Suggested Answer: D

Comments

aselunar
Highly Voted 3 years, 6 months ago
Looks like D is the correct answer.
upvoted 7 times
...
King21
Most Recent 1 year ago
Risk appetite means nothing if our risk management is not aligned with business plans.
upvoted 1 times
...
Staanlee
1 year, 3 months ago
Selected Answer: D
D. Confirm the organization's risk appetite and tolerance. When evaluating enterprise IT risk management, the most important action is to "D. confirm the organization's risk appetite and tolerance." The effectiveness of IT risk management hinges on its alignment with the organization's overall risk appetite and tolerance levels. This step ensures that risk management efforts are aligned with the organization's strategic objectives and priorities. While the other options (creating new control processes, reviewing alignment with the investment plan, reporting identified risk scenarios to senior management) are all relevant aspects of IT risk management, they should be undertaken in light of the organization's risk appetite and tolerance to ensure that the risk management efforts are appropriate and aligned with the organization's risk management strategy.
upvoted 1 times
...
mraiyan
1 year, 6 months ago
Selected Answer: D
Going with D though I believe that the question needs rewording
upvoted 1 times
...
Koulyo
1 year, 8 months ago
Selected Answer: B
Not sure. I am going with B since it's about evaluation of the ERM.
upvoted 1 times
...
CbtL
1 year, 8 months ago
Selected Answer: D
Agree it is D
upvoted 1 times
...
john_boogieman
1 year, 9 months ago
Selected Answer: D
Agree.
upvoted 3 times
...
john_boogieman
1 year, 10 months ago
Correct 'D'.
upvoted 2 times
...
cybervds
1 year, 11 months ago
Selected Answer: D
The answer is D - we should align the enterprise IT risk management program with our company's risk appetite and tolerance...
upvoted 2 times
...
Kozy
2 years, 2 months ago
Correct: B -> The very first step is to check whether IT and IT-related activities (e.g., IT risk management) are always aligned with the business. Overall, IT always supports the business; that is the number 1 criterion (classic ISACA answer). If the activity is aligned with the business, then checking answer D comes next.
upvoted 3 times
cybervds
1 year, 11 months ago
I agree that the first step is to align with the business, but why would we align enterprise IT risk management with our company's investments? The answer is D - we should align the enterprise IT risk management program with our company's risk appetite and tolerance...
upvoted 1 times
...
...
Ceecil1959
2 years, 9 months ago
Risk assessment comprises identification, analysis and evaluation. Evaluation is when you decide which controls to apply and at what cost. So, B seems right.
upvoted 2 times
...
AllaAlla
2 years, 9 months ago
support D
upvoted 3 times
...
Raj1510
2 years, 11 months ago
support D
upvoted 3 times
...
Community vote distribution

  • A (35%)
  • C (25%)
  • B (20%)
  • Other