CRISC Question #322: Real Exam Question with Answer & Explanation

The correct answer is B: obtain a holistic view of IT strategy risk.. A top-down approach to a risk workshop provides a comprehensive perspective on strategic IT risks by aligning with the organization's overall objectives.

Submitted by ricky.ec· Apr 18, 2026IT Risk Assessment

Question

The PRIMARY benefit of conducting a risk workshop using a top-down approach instead of a bottom-up approach is the ability to:

Options

Aidentify specific project risk.
Bobtain a holistic view of IT strategy risk.
Cunderstand risk associated with complex processes.
Dincorporate subject matter expertise.

Explanation

A top-down approach to a risk workshop provides a comprehensive perspective on strategic IT risks by aligning with the organization's overall objectives.

Common mistakes.

A. Identifying specific project risks is more characteristic of a bottom-up approach, which focuses on detailed operational or project-level risks.
C. Understanding risks associated with complex processes is typically better achieved with a bottom-up approach, which delves into operational details and interdependencies.
D. Incorporating subject matter expertise is valuable in both top-down and bottom-up approaches, but it's not the primary distinguishing benefit of a top-down method.

Concept tested. Risk assessment methodologies (top-down vs. bottom-up)

Reference. https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-39.pdf

Topics

#Risk workshop#Top-down approach#Strategic risk#Holistic risk view

Community Discussion

No community discussion yet for this question.

Full CRISC Practice Browse All CRISC Questions