nerdexam
Isaca

CDPSE · Question #208

Which of the following statements is true about compliance risk?

The correct answer is B. Compliance risk is just another risk that needs to be measured.. Compliance risk is simply one category within an organization's broader risk landscape, meaning it must be identified, assessed, and managed like any other risk - making B correct. Option A is wrong because compliance risk cannot be reduced to a cost-benefit calculation; legal an

Privacy Governance

Question

Which of the following statements is true about compliance risk?

Options

  • ACompliance risk can be tolerated when fines cost less than controls.
  • BCompliance risk is just another risk that needs to be measured.
  • CCompliance risk can never be tolerated.
  • DCompliance risk can be tolerated when it is optional.

How the community answered

(29 responses)
  • A
    3% (1)
  • B
    86% (25)
  • C
    10% (3)

Explanation

Compliance risk is simply one category within an organization's broader risk landscape, meaning it must be identified, assessed, and managed like any other risk - making B correct. Option A is wrong because compliance risk cannot be reduced to a cost-benefit calculation; legal and regulatory obligations exist regardless of fine amounts. Option C overstates the case - "never tolerated" is too absolute, since some low-level compliance gaps may be accepted with proper documentation and controls. Option D is a trap: "optional" compliance doesn't exist in a meaningful sense, since regulations are external requirements, not choices.

Memory tip: Think of compliance risk as a type of risk, not a special risk - it lives on the same risk register as operational or financial risk and gets the same treatment: measure it, manage it, report it.

Topics

#Compliance Risk#Risk Measurement#Risk Tolerance

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice