Isaca Certified in Risk and Information Systems Control CRISC Question # 251 Topic 26 Discussion

CRISC Exam Topic 26 Question 251 Discussion:

Question #: 251

Topic #: 26

Which of the following is the GREATEST benefit when enterprise risk management (ERM) provides oversight of IT risk management?

Aligning IT with short-term and long-term goals of the organization

Ensuring the IT budget and resources focus on risk management

Ensuring senior management's primary focus is on the impact of identified risk

Prioritizing internal departments that provide service to customers

Get Premium CRISC Questions

Explanation

Enterprise risk management (ERM) is a holistic and strategic approach to managing the risks that an organization faces across its various functions, processes, and activities. ERM aims to align the organization’s risk appetite and tolerance with its objectives and vision, and to optimize the value and performance of the organization1.

IT risk management is a subset of ERM that focuses on identifying, assessing, and mitigating the risks related to the use of information technology (IT) in the organization. IT risk management aims to ensure the confidentiality, integrity, and availability of IT resources and information, and to support the IT governance and strategy of the organization2.

The greatest benefit when ERM provides oversight of IT risk management is aligning IT with short-term and long-term goals of the organization, because it can help to:

Integrate IT risk management with the overall business strategy and risk management, and ensure that IT risks are considered and addressed at the enterprise level

Align IT risk appetite and tolerance with the business risk appetite and tolerance, and ensure that IT risks are balanced with the expected benefits and opportunities

Enhance IT risk awareness and communication among the stakeholders, and ensure that IT risks are reported and escalated appropriately

Optimize IT risk response and control, and ensure that IT risks are managed efficiently and effectively

Demonstrate IT risk value and impact, and ensure that IT risks are measured and monitored against the business objectives and performance34

The other options are not the greatest benefit when ERM provides oversight of IT risk management, but rather some of the outcomes or consequences of it. Ensuring the IT budget and resources focus on risk management is a benefit that can help to allocate and prioritize the IT resources and funds according to the IT risk level and the business needs. Ensuring senior management’s primary focus is on the impact of identified risk is a benefit that can help to increase the senior management’s involvement and accountability in IT risk management, and to support the IT risk decision making and reporting. Prioritizing internal departments that provide service to customers is a benefit that can help to improve the quality and efficiency of the IT service delivery and customer satisfaction. References =

Enterprise Risk Management - ISACA

IT Risk Management - ISACA

Aligning IT risks with Enterprise Risk Management (ERM)

Five Benefits of Enterprise Risk Management : Articles : Resources …

[CRISC Review Manual, 7th Edition]

Actual exam question for Isaca CRISC exam by Nova86538 at Oct 14, 2025, 9:22:20 PM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Isaca Certified in Risk and Information Systems Control CRISC Question # 251 Topic 26 Discussion

Isaca Certified in Risk and Information Systems Control CRISC Question # 251 Topic 26 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Isaca Certified in Risk and Information Systems Control CRISC Question # 251 Topic 26 Discussion

Isaca Certified in Risk and Information Systems Control CRISC Question # 251 Topic 26 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval