The correct answer is C because the best way to consolidate results of risk assessments across multiple operating units is to aggregate operating unit risk registers into a central risk register. The risk register is the primary enterprise repository for identified risks, their ratings, ownership, mitigation status, and other decision-making information. Consolidation into a central register enables enterprise-level visibility and aggregation.
The other options are less appropriate:
A. Perform additional risk assessments and create an enterprise risk matrix may help analysis, but it is not the primary consolidation mechanism.
B. Implement a GRC system may support the process technically, but the key answer is the centralization of the risk information itself.
D. Update departmental risk registers with items from the central risk register reverses the required direction of consolidation.
Exact Extracts supporting the answer:
“The risk register is PRIMARILY a document communicating risk to relevant stakeholders.”
“The MAIN reason an enterprise maintains a risk register is to act as a repository of identified risk for decision-making.”
“The BEST tool for documenting the status of risk mitigation and risk ownership at the enterprise level is the risk register.”
“An updated risk register ensures effective prioritization and treatment of risk.”
“The MOST useful place for enterprise management to store data related to a potential information breach is the risk register.”
These extracts directly support that a central risk register is the best mechanism for enterprise-level consolidation of assessment results.