Isaca Certified in Risk and Information Systems Control CRISC Question # 110 Topic 12 Discussion

CRISC Exam Topic 12 Question 110 Discussion:

Question #: 110

Topic #: 12

Which of the following BEST facilitates the mitigation of identified gaps between current and desired risk environment states?

Develop a risk treatment plan.

Validate organizational risk appetite.

Review results of prior risk assessments.

Include the current and desired states in the risk register.

Get Premium CRISC Questions

Explanation

Developing a risk treatment plan is the best way to facilitate the mitigation of identified gaps between current and desired risk environment states. A risk treatment plan is a document that outlines the actions and resources needed to implement the chosen risk response strategy for each risk scenario. A risk treatment plan should include the following elements:

Risk scenario description and risk ID

Risk owner and other stakeholders

Risk response strategy and objectives

Risk response actions and tasks

Resources, costs, and benefits

Roles and responsibilities

Timeline and milestones

Performance indicators and monitoring mechanisms

Contingency plans and triggers

A risk treatment plan helps to close the gaps between the current and desired risk environment states by providing a clear and comprehensive roadmap for risk mitigation. It also helps to ensure that the risk response actions are aligned with the organizational risk appetite, objectives, and priorities. A risk treatment plan also facilitates the communication, coordination, and collaboration among the risk owners and other stakeholders involved in the risk mitigation process.

The other options are not the best ways to facilitate the mitigation of identified gaps between current and desired risk environment states. Validating organizational risk appetite is an important step in establishing the risk criteria and thresholds for the risk assessment process, but it does not directly address the gaps between the current and desired risk environment states. Reviewing results of prior risk assessments can provide useful insights and lessons learned for the current risk assessment process, but it does not necessarily lead to the development and implementation of effective risk response actions. Including the current and desired states in the risk register can help to document and monitor the risk scenarios and their status, but it does not provide the details and guidance for risk mitigation. References = Risk and Information Systems Control Study Manual, 7th Edition, Chapter 4: Risk Response, Section 4.2: Risk Treatment, p. 189-191.

Actual exam question for Isaca CRISC exam by Lyric8003 at May 24, 2026, 5:26:52 AM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Isaca Certified in Risk and Information Systems Control CRISC Question # 110 Topic 12 Discussion

Isaca Certified in Risk and Information Systems Control CRISC Question # 110 Topic 12 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Isaca Certified in Risk and Information Systems Control CRISC Question # 110 Topic 12 Discussion

Isaca Certified in Risk and Information Systems Control CRISC Question # 110 Topic 12 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval