CRISC Question #100: Real Exam Question with Answer & Explanation
The correct answer is D: the cost of controls does not exceed the expected loss.
Question
The objective of aligning mitigating controls to risk appetite is to ensure that:
Options
- A. exposures are reduced to the fullest extent
- B. exposures are reduced only for critical business systems
- C. insurance costs are minimized
- D. the cost of controls does not exceed the expected loss.
Explanation
Aligning mitigating controls with risk appetite aims to optimize resource allocation by ensuring that the cost of implementing and maintaining controls does not outweigh the financial benefits of reducing the expected loss from potential risk events. This reflects a cost-benefit driven approach to risk management.
Common mistakes.
- A. Reducing exposures to the fullest extent is often neither practical nor cost-effective and typically exceeds an organization's defined risk appetite, which acknowledges some level of acceptable risk.
- B. While critical business systems are a priority, risk appetite applies across the organization, and the objective is to manage risks for all assets in scope to the defined appetite, not just critical systems.
- C. While effective controls can sometimes influence insurance premiums, minimizing insurance costs is a potential secondary benefit, not the primary objective of aligning controls with risk appetite, which is about managing internal risk exposure directly.
Concept tested. Risk appetite and control cost-effectiveness