Isaca Exam CRISC Topic 4 Question 94 Discussion

Actual exam question for Isaca's CRISC exam

Question #: 94
Topic #: 4

[All CRISC Questions]

Which of the following BEST supports the integration of IT risk management into an organization's strategic planning?

AClearly defined organizational goals and objectives

BA comprehensive and documented IT risk management plan

CIncentive plans that reward employees based on IT risk metrics

DRegular organization-wide risk awareness training

Show Suggested Answer

Suggested Answer: A

Clearly defined organizational goals and objectives provide the foundation for integrating IT risk management into strategic planning. When risk management aligns with the organization's strategic direction, it becomes a core component of decision-making. While a documented IT risk management plan (Option B), incentive plans (Option C), and risk awareness training (Option D) are supportive measures, they are not as fundamental as aligning risk management with organizational goals.

ISACA CRISC Review Manual, Domain 1: IT Risk Identification -- Emphasizes the importance of aligning risk management with organizational objectives.

by Josefa at Feb 08, 2025, 07:51 PM

Limited Time Offer

25%

Off

Get Premium CRISC Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Iluminada

3 months ago

Option A is a good starting point, but without the right plan and training, it's not going to be enough. IT risk needs a more comprehensive approach.

upvoted 0 times

...

Elenor

3 months ago

Ah, the old 'IT risk management dilemma.' I'd go with Option B - a solid plan is the foundation for effective integration.

upvoted 0 times

Becky

2 months ago

Option A could also be important, aligning IT risk management with overall business objectives.

upvoted 0 times

...

Mike

3 months ago

I agree, having a clear strategy in place is crucial for managing IT risks.

upvoted 0 times

...

Stephaine

3 months ago

Option B - a solid plan is definitely key for integration.

upvoted 0 times

...

Dianne

3 months ago

Option C is an interesting idea, but I'm not sure if incentivizing based on IT risk metrics is the best way to go. It could lead to some unintended consequences.

upvoted 0 times

...

Steffanie

3 months ago

I'm leaning towards Option D. Regular risk awareness training is essential to ensure everyone is on the same page.

upvoted 0 times

Glory

2 months ago

Training is essential for integrating IT risk management into strategic planning.

upvoted 0 times

...

Lisandra

3 months ago

Definitely, having everyone on the same page is crucial for effective risk management.

upvoted 0 times

...

Emily

3 months ago

I agree, training is important to make sure everyone understands the risks involved.

upvoted 0 times

...

Nieves

3 months ago

Option D sounds good. Regular training is key to keeping everyone informed.

upvoted 0 times

...

Marguerita

4 months ago

Option B seems like the most comprehensive approach to integrating IT risk management into strategic planning. A documented plan is key.

upvoted 0 times

Lizette

3 months ago

I agree, having a clear plan in place is crucial for integrating IT risk management into strategic planning.

upvoted 0 times

...

Marsha

3 months ago

Option B does seem like a comprehensive approach. A documented plan is definitely key.

upvoted 0 times

...

Elouise

4 months ago

I disagree. I believe D) Regular organization-wide risk awareness training is crucial for integrating IT risk management into strategic planning.

upvoted 0 times

...

Mollie

4 months ago

I agree with Delbert. Having clear goals and objectives will help align IT risk management with the organization's overall strategy.

upvoted 0 times

...

Delbert

4 months ago

I think A) Clearly defined organizational goals and objectives is the best option.

upvoted 0 times

...