
CRISC Question #341: Real Exam Question with Answer & Explanation

The correct answer is D: Risk scenarios associated with IT strategic initiatives are identified and assessed. The most effective risk management approach for strategic IT planning involves proactively identifying and assessing specific risk scenarios tied to IT initiatives.

Submitted by yuki_2020 · Apr 18, 2026 · IT Risk Assessment

Question

Which of the following is the BEST risk management approach for the strategic IT planning process?

Options

  • A. Key performance indicators (KPIs) are established to track IT strategic initiatives.
  • B. The IT strategic plan is reviewed by the chief information security officer (CISO) and enterprise risk
  • C. The IT strategic plan is developed from the organization-wide risk management plan.
  • D. Risk scenarios associated with IT strategic initiatives are identified and assessed.

Explanation

The most effective risk management approach for strategic IT planning involves proactively identifying and assessing specific risk scenarios tied to IT initiatives.

Common mistakes.

  • A. Establishing KPIs tracks performance but doesn't proactively manage risks inherent in the strategic planning process itself.
  • B. Review by CISO and enterprise risk is a good governance step but occurs after the plan's development and doesn't constitute the primary risk management approach for planning.
  • C. While the IT plan should align with the organization-wide risk management plan, this choice describes an input, not the approach for managing risks specifically within the IT strategic planning process.

Concept tested. Strategic IT risk identification and assessment

Topics

#Risk Assessment #Strategic IT Planning #Risk Identification #Risk Analysis
