The correct answer is A — A process to reassess risks on a defined schedule.
Based on the WGU Cybersecurity Architecture and Engineering (KFO1 / D488) Study Guide, risks must be reassessed periodically because the threat landscape, organizational assets, and business processes evolve over time. Risks identified years ago may have changed in likelihood or impact, or may already have been mitigated. Therefore, it is essential to establish a formal process for periodic risk review and reassessment to maintain accurate and actionable risk profiles.
Availability of risk documents (B), methods of capture (C), and leadership involvement in scoring (D) are important, but they do not directly address the primary issue of outdated risk assessments.
Reference Extract from Study Guide:
"Organizations must implement a periodic review and reassessment process for risks to ensure that risk profiles reflect the current threat environment, organizational changes, and mitigation efforts."
— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Risk Management Framework