The most important element to update when an organization’s risk appetite changes is the key risk indicators (KRIs). KRIs are metrics that provide an early warning of increasing risk exposure in various areas of the organization. They help to monitor the level of risk and to trigger risk responses when the risk exceeds the risk appetite. The risk appetite is the amount and type of risk that an organization is willing to accept in pursuit of its objectives. Risk reportingmethodology, key performance indicators (KPIs), and risk taxonomy are other elements that may be updated, but they are not as important as the KRIs. References = ISACA Certified in Risk and Information Systems Control (CRISC) Certification Exam Question and Answers, question 12; CRISC Review Manual, 6th Edition, page 215.