Which TWO outcomes indicate that a risk assessment process is effective?
Effective assessment produces actionable priorities.
Why this answer
Option B is correct because an effective risk assessment must produce prioritized findings that directly inform risk treatment decisions. Without clear prioritization (e.g., based on inherent risk scores or likelihood/impact ratings), the organization cannot allocate resources efficiently or select appropriate controls. The CRISC framework emphasizes that the output of risk assessment is actionable intelligence, not just a list of risks.
Exam trap
The trap here is that candidates confuse the goal of risk assessment (producing prioritized, decision-ready findings) with other risk management activities like risk identification (A), risk monitoring (D), or compliance (E), leading them to select options that sound desirable but do not directly measure assessment effectiveness.