CRISC Question #547: Real Exam Question with Answer & Explanation
The correct answer is C: The scenario is aligned to a business objective. The most essential characteristic of a good IT risk scenario is its alignment with a business objective, ensuring that risk assessments focus on impacts relevant to organizational goals.
Question
Which of the following is the MOST essential characteristic of a good IT risk scenario?
Options
- A. The scenario is aligned to business control processes.
- B. The scenario is aligned to the organization's risk appetite and tolerance.
- C. The scenario is aligned to a business objective.
- D. The scenario is aligned to known vulnerabilities in information technology.
Explanation
The most essential characteristic of a good IT risk scenario is its alignment with a business objective, ensuring that risk assessments focus on impacts relevant to organizational goals.
Common mistakes.
- A. While risk scenarios may involve control processes, aligning solely with controls doesn't ensure the scenario reflects a significant business impact or strategic relevance.
- B. Risk appetite and tolerance are used to evaluate the acceptability of a risk once it's identified, not necessarily to define the scenario itself, which describes a potential event.
- D. Aligning with known vulnerabilities is important for technical risk assessments, but without linking to a business objective, the scenario might not be considered significant from an organizational perspective.
Concept tested. Characteristics of IT risk scenarios
Reference. https://www.isaca.org/resources/cobit/cobit-2019-framework-introduction-and-methodology