CRISC · Question #107
CRISC Question #107: Real Exam Question with Answer & Explanation
The correct answer is D: Open communication of risk reporting. Open communication of risk reporting is most important for promoting a risk-aware culture because it fosters transparency and encourages all levels of the organization to understand, discuss, and take ownership of risks. This proactive sharing of information cultivates a collecti
Question
Which of the following is MOST important to promoting a risk-aware culture?
Options
- ARegular testing of risk controls
- BCommunication of audit findings
- CProcedures for security monitoring
- DOpen communication of risk reporting
Explanation
Open communication of risk reporting is most important for promoting a risk-aware culture because it fosters transparency and encourages all levels of the organization to understand, discuss, and take ownership of risks. This proactive sharing of information cultivates a collective responsibility for risk management.
Common mistakes.
- A. Regular testing of risk controls is crucial for validating control effectiveness but doesn't directly promote a cultural shift in risk awareness across all employees.
- B. Communication of audit findings is important for learning and improvement, but it is reactive and focuses on past issues rather than proactive, ongoing risk awareness across the organization.
- C. Procedures for security monitoring are operational activities to detect threats but do not inherently build a broad risk-aware culture.
Concept tested. Fostering risk-aware culture
Reference. https://learn.microsoft.com/en-us/compliance/regulatory/risk-management-process
Topics
Community Discussion
No community discussion yet for this question.