Isaca Certified in Risk and Information Systems Control CRISC Question # 390 Topic 40 Discussion

CRISC Exam Topic 40 Question 390 Discussion:

Question #: 390

Topic #: 40

During the initial risk identification process for a business application, it is MOST important to include which of the following stakeholders?

Business process owners

Business process consumers

Application architecture team

Internal audit

Get Premium CRISC Questions

Explanation

The MOST important stakeholders to include during the initial risk identification process for a business application are the business process owners, because they are the ones who have the authority and responsibility for the business processes that are supported or enabled by the business application. The business process owners can provide valuable input and feedback on the business objectives, requirements, and expectations of the business application, as well as thepotential risks, impacts, and opportunities that may affect the business processes and outcomes. The other options are not as important as the business process owners, because:

Option B: Business process consumers are the ones who use or benefit from the business processes that are supported or enabled by the business application, such as customers, employees, or partners. They can provide useful information and perspectives on the user needs, preferences, and satisfaction of the business application, but they are not as important as the business process owners, who have the ultimate accountability and authority for the business processes and outcomes.

Option C: Application architecture team is the one who designs and develops the technical architecture and components of the business application, such as the hardware, software, network, and data. They can provide technical expertise and guidance on the feasibility, functionality, and security of the business application, but they are not as important as the business process owners, who have the primary stake and interest in the business application and its alignment with the business processes and objectives.

Option D: Internal audit is the one who provides independent assurance and consulting services on the governance, risk management, and control processes of the organization, including the business application. They can provide objective and impartial evaluation and recommendation on the effectiveness and efficiency of the business application and its compliance with the internal and external standards and regulations, but they are not as important as the businessprocess owners, who have the direct involvement and influence on the business application and its performance and value. References = Risk and Information Systems Control Study Manual, 7th Edition, ISACA, 2020, p. 103.

Actual exam question for Isaca CRISC exam by Onyx1847 at May 24, 2026, 4:11:36 AM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Isaca Certified in Risk and Information Systems Control CRISC Question # 390 Topic 40 Discussion

Isaca Certified in Risk and Information Systems Control CRISC Question # 390 Topic 40 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Isaca Certified in Risk and Information Systems Control CRISC Question # 390 Topic 40 Discussion

Isaca Certified in Risk and Information Systems Control CRISC Question # 390 Topic 40 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval