Measurement of an Organization's Risk Management Maturity Level

A.

The best measurement of an organization's risk management maturity level can be determined by using a maturity model. A maturity model assesses an organization's capabilities and processes against a set of best practices and benchmarks.

Out of the options given, the best measurement of an organization's risk management maturity level is D, the results of a gap analysis. A gap analysis compares an organization's current level of performance against a desired level of performance. This process can help identify gaps in an organization's risk management practices and highlight areas that need improvement.

By conducting a gap analysis, an organization can identify areas where it needs to invest in resources, training, and infrastructure to improve its risk management maturity. The results of a gap analysis can also provide a baseline against which an organization can measure its progress and monitor its maturity over time.

A, IT alignment to business objectives, is important, but it only assesses the alignment of IT with business objectives and does not provide a comprehensive assessment of risk management maturity.

B, Level of residual risk, is not an accurate measurement of risk management maturity because it only provides information about the level of risk remaining after controls have been implemented. It does not take into account the effectiveness or efficiency of those controls.

C, Key risk indicators (KRIs), are important for measuring and monitoring risk, but they only provide a snapshot of an organization's risk posture at a given point in time. They do not provide a comprehensive assessment of risk management maturity.