Isaca

CRISC · Question #295

CRISC Question #295: Real Exam Question with Answer & Explanation

The correct answer is C: Accepted risk scenarios with impact exceeding the risk tolerance. The most important scenario to communicate to senior management is when accepted risk scenarios have an impact exceeding the organization's defined risk tolerance.

Submitted by lukas.cz · Apr 18, 2026 · Risk Response and Reporting

Question

Which of the following scenarios is MOST important to communicate to senior management?

Options

  • A. Accepted risk scenarios with detailed plans for monitoring
  • B. Risk scenarios that have been shared with vendors and third parties
  • C. Accepted risk scenarios with impact exceeding the risk tolerance
  • D. Risk scenarios that have been identified, assessed, and responded to by the risk owners

Explanation

The most important scenario to communicate to senior management is when accepted risk scenarios have an impact exceeding the organization's defined risk tolerance.

Common mistakes.

  • A. Accepted risk scenarios with monitoring plans are part of normal operations and do not necessarily require senior management communication unless tolerance is exceeded.
  • B. Sharing risk scenarios with vendors is an operational aspect of third-party risk management, not a primary trigger for senior management escalation.
  • D. Risk scenarios identified, assessed, and responded to by risk owners are part of routine risk management processes, unless their impact exceeds tolerance.

Concept tested. Risk Escalation to Management

Reference. https://learn.microsoft.com/en-us/compliance/regulatory/regulatory-compliance-dashboard-risk-assessment

Topics

#Risk Communication #Risk Tolerance #Senior Management Reporting #Risk Escalation
