What is the PRIMARY purpose of risk reporting within an organization's risk management strategy?
To allocate the annual budget for the information security department.
To document and communicate the identified risks to stakeholders responsible for decision-making.
To enforce regulatory compliance and avoid potential legal penalties.
To execute the deployment of technical controls across the organization's network.