Question 78
Main Page
In your organization’s governance review, you discover no policy defines how risks are communicated. What is the most appropriate corrective step?
A. Forward alerts directly to executives
B. Implement an informal Slack channel for issues
C. Develop a formal risk communication plan
D. Send email updates on all threats
Answer: C. Develop a formal risk communication plan
Risk communication must be structured, timely, and role-specific to ensure proper escalation and decision-making.