IsacaIsaca
CRISC · Question #440
CRISC Question #440: Real Exam Question with Answer & Explanation
The correct answer is B: To enhance organizational risk culture. The primary objective of a risk awareness program is to cultivate a strong organizational risk culture where employees understand and actively contribute to risk management.
Submitted by rohit_dlh· Apr 18, 2026Governance
Question
Which of the following is the PRIMARY objective of a risk awareness program?
Options
- ATo demonstrate senior management support
- BTo enhance organizational risk culture
- CTo increase awareness of risk mitigation controls
- DTo clearly define ownership of risk
Explanation
The primary objective of a risk awareness program is to cultivate a strong organizational risk culture where employees understand and actively contribute to risk management.
Common mistakes.
- A. Demonstrating senior management support is a prerequisite for a successful program and part of effective change management, but it is not the program's primary objective itself.
- C. Increasing awareness of controls is a component of a risk awareness program, but the broader and more fundamental goal is to improve the overall risk culture, which encompasses more than just controls.
- D. Clearly defining risk ownership is a governance activity, typically handled by risk management functions, and while awareness programs might reinforce it, it's not their primary objective to establish ownership.
Concept tested. Objective of risk awareness programs
Reference. https://csrc.nist.gov/publications/detail/sp/800-50/final
Topics
#Risk awareness program#Risk culture#Risk management principles
Community Discussion
No community discussion yet for this question.