A. Performing a business impact analysis (BIA)
A Business Impact Analysis (BIA) helps in understanding how different risks can affect the organization's ability to achieve its objectives. By identifying and prioritizing business processes and functions based on their importance and the impact of potential disruptions, BIA provides insights into which IT risks might have the most significant effects on critical business objectives. Thus, BIA becomes an essential tool in aligning IT risks with the overall goals of the business.
B. Integrating the results of top-down risk scenario analyses.
The most helpful approach to aligning IT risk with business objectives is to "B. Integrate the results of top-down risk scenario analyses." Top-down risk scenario analysis involves starting with the organization's strategic objectives and then identifying risks that could potentially hinder the achievement of those objectives. This approach ensures that IT risks are aligned with the broader business goals and priorities.
While the other options (performing a business impact analysis, introducing an approved IT governance framework, implementing a risk classification system) can also contribute to aligning IT risk with business objectives, integrating top-down risk scenario analyses ensures that the risk management efforts are closely tied to the organization's strategic direction.
Selected B as 7th edition review manual made more mention of both IT and business in the section about top-down approach. Having said that, found this online with a search (non-ISACA) "A business impact analysis (BIA) identifies and analyzes your business functions then aligns IT appropriately with the business. The objective of the BIA is to identify the effects of a disruption of business functions and provide strategies to mitigate and minimize the risk to your business."
A top-down approach is based on an understanding of business objectives and how a risk event could affect the achievement of those objectives. This approach is suitable for general enterprise risk management and analysis of IT and non-IT related events.
6ada4e1 (9 months, 1 week ago)
01010100 (1 year, 1 month ago)
Staanlee (1 year, 2 months ago)
CbtL (1 year, 7 months ago)
john_boogieman (1 year, 8 months ago)
Ziggybooboo (1 year, 9 months ago)
SkipC (1 year, 11 months ago)