Isaca Updated CRISC Exam Questions and Answers by savanna

Senior management involvement is a critical driver for the success of any risk management program. Without their engagement, there is a lack of strategic oversight, resource allocation, and prioritization of risk management initiatives, directly impacting the organization's ability to meet risk objectives. This is emphasized in theGovernance Principlesof CRISC.

Key risk indicators (KRIs) are metrics that help organizations monitor and assess potential risks that may impact their operations, financial health, or overall performance1. KRIs should have certain characteristics that make them effective for risk monitoring, such as:

Ability to measure the right thing (e.g., supports the decisions that need to be made)

Quantifiable (e.g., damages in dollars of profit loss)

Capability to be measured precisely and accurately

Relevant (measuring the right thing associated with decisions)2

Among the four options given, only option C (sensitivity to changes in risk levels) best enables effective risk monitoring. This is because KRIs should be able to capture the changes in risk levels over time and alert organizations to emerging or escalating risks3. A high sensitivity to changes in risk levels indicates that theKRI is responsive and timely, and can help organizations take preventive or corrective actions before the risks become too severe.

References = Key Risk Indicators: A Practical Guide, Key Risk Indicators: Examples & Definitions, Key Risk Indicators - Wikipedia

Continuous monitoring systems automatically track key control indicators (KCIs) and risk metrics in real-time, enabling early identification of anomalies or emerging risks.

ISACA CRISC states:

“Continuous monitoring allows the enterprise to identify deviations and emerging risk conditions in a timely manner to take proactive corrective actions.”

Benchmarking and stakeholder mapping are secondary benefits.

Thus, A. Enables timely detection of emerging risk is correct.

CRISC Reference: Domain 4 – Risk and Control Monitoring and Reporting, Topic: Continuous Monitoring Benefits.