Which of the following BEST demonstrates to an IS auditor that an organization has implemented effective risk management processes?
A . Critical business assets have additional controls.
B . The risk register is reviewed periodically.
C . A business impact analysis (BIA) has been completed.
D . The inventory of IT assets includes asset classification.
Answer: B