CRISC Risk Governance and Frameworks

Question 1

Which internationally recognized framework is MOST commonly used to align IT risk governance with enterprise risk management (ERM)?

Accepted Answer

COSO ERM

Answer

COSO ERM provides an integrated framework that aligns IT risk management with broader enterprise risk governance objectives.

Question 2

The THREE lines of defense model assigns IT risk oversight responsibility to which line?

Accepted Answer

Second line (risk management function)

Answer

The second line of defense — the risk management function — is responsible for overseeing and monitoring IT risk across the organization.

Question 3

A risk appetite statement should PRIMARILY be approved by which organizational body?

Accepted Answer

Board of Directors

Answer

The Board of Directors is ultimately accountable for setting and approving the organization's risk appetite at the highest governance level.

Question 4

Which CRISC domain focuses on ensuring that risk management activities are integrated into the enterprise governance structure?

Accepted Answer

IT Risk Governance

Answer

The IT Risk Governance domain ensures risk management is embedded in the enterprise governance structure and aligned with business objectives.

Question 5

When developing a risk governance framework, which element BEST ensures accountability for risk decisions?

Accepted Answer

Defined RACI matrix for risk roles

Answer

A RACI matrix (Responsible, Accountable, Consulted, Informed) explicitly assigns accountability for each risk-related decision and activity.

CRISC - Certified in Risk and Information Systems Control Practice Test