Certified in Risk and Information Systems Control (CRISC) Practice Test

Governance in risk management is primarily applied through oversight committees. These committees play a critical role in establishing and enforcing a framework for risk management processes within an organization. They ensure that risks are identified, assessed, and managed effectively in alignment with the organization's objectives and regulatory requirements.

Oversight committees are responsible for overseeing risk management strategies, reviewing risk reports, and ensuring compliance with applicable laws and regulations. They facilitate communication between various stakeholders, providing a structured approach to decision-making regarding both risk and governance.

The other options, while they do have roles in risk management, do not encapsulate the overarching governance structure as effectively as oversight committees do. Regulatory reviews involve assessments by external parties, mandatory training programs focus more on employee development than governance structure, and annual risk assessments are specific evaluations rather than continuous governance mechanisms. Thus, oversight committees represent a foundational aspect of effective governance in risk management.