CRISC Question #513: Real Exam Question with Answer & Explanation

The correct answer is A: Develop a detailed risk profile.

Submitted by carter_n · Apr 18, 2026 · Governance

Question

Which of the following should a risk practitioner do FIRST to support the implementation of governance around organizational assets within an enterprise risk management (ERM) program?

Options

  • A. Develop a detailed risk profile.
  • B. Hire experienced and knowledgeable resources.
  • C. Schedule internal audits across the business.
  • D. Conduct risk assessments across the business.

Explanation

To implement governance around organizational assets within an ERM program, a risk practitioner should first develop a detailed risk profile. This provides a comprehensive understanding of the organization's risks, including those related to assets, which is foundational for effective governance.

Common mistakes.

  • B. While experienced resources are important, developing an understanding of the risk landscape (risk profile) precedes staffing specific roles.
  • C. Audits assess compliance and effectiveness of controls, but a risk profile is needed first to define what aspects of risk require governance.
  • D. Conducting risk assessments is part of developing a risk profile, but the profile synthesizes these into a comprehensive view for governance.

Concept tested. Enterprise risk management foundational steps

Topics

#ERM #Risk Profile #Governance Implementation #Organizational Assets
