Exam CRISC topic 1 question 716 discussion

Reviewing the risk management process is essential to ensure that the methodologies, tools, and procedures used are appropriate for accurately identifying, assessing, and mitigating risks. This process not only ensures that the risks are appropriately managed but also that the organization is making informed decisions based on accurate risk assessments. The other options are outcomes of various aspects of risk management but don't directly reflect the primary purpose of reviewing the risk management process itself.

B. Assuring the risk profile supports the IT objectives The most important outcome of reviewing the risk management process is to ensure that the risk profile aligns with and supports the organization's IT objectives and broader business goals. Here's why this is the case: Alignment with Strategic Goals: Effective risk management should be closely aligned with an organization's strategic objectives. It ensures that risks are assessed and managed in a way that supports the achievement of those objectives. Risk-Informed Decision-Making: An aligned risk profile helps decision-makers understand the potential impact of risks on IT and business operations. It enables informed decision-making that considers risk factors. Resource Allocation: By assuring alignment, organizations can allocate resources more effectively. They can prioritize risk mitigation efforts based on their relevance to strategic goals

Pgs 67 and 68 of the 7th edition of the review manual support B.

the primary goal of the risk management process is to support the IT objectives of the organization.

The risk profile is based on the overall risk posture of the organization, which is a relevant output of the risk management process.

I think the risk profile is just reflecting organization's situation - it is not something that could be supporting (or not) anything else. So I guess B makes no sense. A is childish. It leaves only C and D on the field. Still, I dislike both :(