CRISC Question #636: Real Exam Question with Answer & Explanation

Question

Which of the following is the PRIMARY purpose of a risk register?

Options

• AIt guides management in determining risk appetite.
• BIt provides management with a risk inventory.
• CIt aligns risk scenarios to business objectives.
• DIt monitors the performance of risk and control owners.

Explanation

The primary purpose of a risk register is to serve as a comprehensive inventory of all identified risks within an organization, providing a centralized record for management.

Common mistakes.

• A. While a risk register's contents inform risk appetite discussions, its primary purpose is not to guide the determination of risk appetite, but to document the risks themselves.
• C. Aligning risk scenarios to business objectives is a function of risk assessment and strategy, but the register's core purpose is the inventorying and tracking of those risks.
• D. Monitoring the performance of risk and control owners is a function of risk management oversight, which uses the data from the risk register, but it's not the register's primary purpose.

Concept tested. Risk register purpose

No community discussion yet for this question.