Best Action for Dealing with False Positives in Risk Reports

C.

The best option to address the situation where the risk committee is overwhelmed by the number of false positives included in risk reports is to evaluate key risk indicators (KRIs), option A.

KRIs are measurable parameters used to detect and monitor the level of risk exposure in an organization. By evaluating KRIs, organizations can identify which metrics are contributing to the high number of false positives, and refine their risk management processes accordingly.

Adjusting the IT balanced scorecard (option B) may not be the most effective solution, as this may not address the root cause of the issue. The balanced scorecard typically includes performance metrics and may not directly contribute to identifying false positives.

Conducting a risk assessment (option C) is also an important part of risk management, but it may not be the most effective option in this case as it may not directly address the issue of false positives in the risk reports.

Changing the reporting format (option D) could be a useful solution, but it may not be enough to address the root cause of the problem. Changing the reporting format could help the risk committee to identify and filter out false positives, but it may not provide a long-term solution to reduce the number of false positives.

In summary, evaluating key risk indicators (option A) would be the most effective option to address the situation where the risk committee is overwhelmed by the number of false positives included in risk reports. This would allow the organization to identify and address the root cause of the problem and refine their risk management processes accordingly.