Isaca Certified in Risk and Information Systems Control CRISC Question # 118 Topic 12 Discussion

CRISC Exam Topic 12 Question 118 Discussion:

Question #: 118

Topic #: 12

Which of the following activities is PRIMARILY the responsibility of senior management?

Bottom-up identification of emerging risks

Categorization of risk scenarios against a standard taxonomy

Prioritization of risk scenarios based on severity

Review of external loss data

Get Premium CRISC Questions

Explanation

The primary responsibility of senior management in risk management is to prioritize the risk scenarios based on severity. Risk scenarios are hypothetical events or situations that could affect the achievement of the objectives. Risk severity is a measure of the overall level of risk, based on the combination of the probability and impact of the risk scenario. Prioritizing the risk scenarios based on severity is the primary responsibility of senior management, because it helps to allocate the resources and actions to the most critical and urgent risks, and to align the risk management process with the organizational strategy and risk appetite. Senior management also has the authority and accountability to make the final decisions and approve the risk response plans for the prioritized risks. The other options are not the primary responsibility of senior management, although they may be involved or consulted in these activities. Bottom-up identification of emerging risks is a process of identifying and reporting the new or changing risks that may arise from the operational or tactical level of the organization. This is usually the responsibility of the risk owners or the risk practitioners, who have the knowledge and experience of the specific functions and processes. Categorization of risk scenarios against a standard taxonomy is a process of classifying and organizing the risk scenarios into predefined categories or groups, based on their nature, source, or impact. This is usually the responsibility of the risk analysts or the risk coordinators, who have the skills and tools to perform the risk analysis and assessment. Review of external loss data is a process of collecting and analyzing the data and information on the losses or incidents that occurred in other organizations or industries, due to similar or related risks. This is usually the responsibility of the risk researchers or the risk consultants, who have the access and expertise to obtain and interpret the external data and information. References = The Role of Executive Management in ERM - Corporate Compliance Insights, Guidelines on Risk Management Practices – Board and Senior Management, Risk Manager Job Description [+2023 TEMPLATE] - Workable

Actual exam question for Isaca CRISC exam by Hale24640 at Aug 3, 2025, 11:27:57 AM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Isaca Certified in Risk and Information Systems Control CRISC Question # 118 Topic 12 Discussion

Isaca Certified in Risk and Information Systems Control CRISC Question # 118 Topic 12 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Isaca Certified in Risk and Information Systems Control CRISC Question # 118 Topic 12 Discussion

Isaca Certified in Risk and Information Systems Control CRISC Question # 118 Topic 12 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval