Isaca Certified in Risk and Information Systems Control CRISC Question # 430 Topic 44 Discussion

CRISC Exam Topic 44 Question 430 Discussion:

Question #: 430

Topic #: 44

The GREATEST concern when maintaining a risk register is that:

impacts are recorded in qualitative terms.

executive management does not perform periodic reviews.

IT risk is not linked with IT assets.

significant changes in risk factors are excluded.

Get Premium CRISC Questions

Explanation

A risk register is a tool that records and tracks the identified risks, their causes, impacts, likelihood, responses, and owners. The greatest concern when maintaining a risk register is that significant changes in risk factors are excluded. Risk factors are the internal and external variables that influence the occurrence and impact of risks. Risk factors can change over time due to changes in the business environment, the IT landscape, the threat landscape, or the regulatory requirements. If the risk register does not reflect the significant changes in risk factors, it may not provide an accurate and current view of the enterprise’s risk profile and may not support effective risk management decisions and actions. The other options are not as concerning as the exclusion of significant changes in risk factors, as they involve different aspects of the risk register:

Impacts are recorded in qualitative terms means that the risk register uses descriptive scales, such as low, medium, and high, to measure the potential consequences of the risks. This may not be asprecise or consistent as quantitative measures, such as monetary values or percentages, but it does not necessarily affect the validity or usefulness of the risk register.

Executive management does not perform periodic reviews means that the risk register is not regularly evaluated and updated by the senior leaders of the enterprise. This may indicate a lack of management commitment or oversight for risk management, but it does not directly affect the quality or completeness of the risk register.

IT risk is not linked with IT assets means that the risk register does not associate the identified risks with the specific IT resources, such as hardware, software, data, or services, that are affected by or contribute to the risks. This may limit the visibility and traceability of the risks, but it does not necessarily affect the identification or assessment of the risks. References = Risk and Information Systems Control Study Manual, 7th Edition, Chapter 1, Section 1.2.2.2, pp. 21-22.

Actual exam question for Isaca CRISC exam by Talon63494 at Mar 29, 2026, 4:25:20 PM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Isaca Certified in Risk and Information Systems Control CRISC Question # 430 Topic 44 Discussion

Isaca Certified in Risk and Information Systems Control CRISC Question # 430 Topic 44 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Isaca Certified in Risk and Information Systems Control CRISC Question # 430 Topic 44 Discussion

Isaca Certified in Risk and Information Systems Control CRISC Question # 430 Topic 44 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval