Integration of IT risk management into enterprise-wide risk management ensures that IT-related risks are not treated in isolation but are included in the overall corporate risk profile, reflecting their true impact on strategic and operational objectives.
According to the CRISC manual and ISACA’s Risk IT Framework:
IT risk is a subset of enterprise risk and must be managed as part of the overall operational risk context.
Integrating IT risk management ensures risk aggregation and visibility at the enterprise level, allowing accurate reporting to senior management and the board.
Supporting extract (CRISC Slide 32–33):
“The most important aspect for an effective IT risk management process is aligning with enterprise risk management. The primary goal of an enterprise’s IT risk management process is to protect the enterprise and its ability to perform its mission.”
This integration allows:
Inclusion of IT risk scenarios (e.g., data breaches, system outages) in overall enterprise risk assessments.
Unified reporting to management for strategic decisions.
A common language and tolerance level for all risk types.
Hence, D. To ensure IT risk scenarios are reflected in the corporate risk profile is the correct answer.