Certified Governance Risk and Compliance (CGRC) Practice Exam 2025 - Free CGRC Practice Questions and Study Guide

The risk management plan is the document that typically outlines the methodology for identifying and managing risks. It serves as a comprehensive guide, detailing the processes, techniques, and tools that an organization will use to assess and mitigate risks throughout a project or operation. This plan includes aspects such as risk identification methods, risk analysis procedures, the criteria for risk evaluation, and the monitoring and reviewing processes.

While a risk register is a living document that tracks identified risks along with their assessments and response strategies, it does not encompass the overall methodology for managing those risks. A risk assessment report provides insights on specific risks identified during an assessment but lacks the broader procedural context that the risk management plan provides. The project scope statement focuses on defining the project's boundaries and deliverables rather than risk management methodologies, making it less relevant in this context. Thus, the risk management plan is the most appropriate answer as it directly encompasses the structured approach to managing risks effectively.