CRISC Question #207: Real Exam Question with Answer & Explanation

Question

Which of the following is the PRIMARY objective of establishing an organization's risk tolerance and appetite?

Options

• ATo align with board reporting requirements
• BTo assist management in decision making
• CTo create organization-wide risk awareness
• DTo minimize risk mitigation efforts

Explanation

The primary objective of establishing an organization's risk tolerance and appetite is to guide management in making informed decisions.

Common mistakes.

• A. Aligning with board reporting requirements is an important outcome of risk governance, but it is a secondary benefit rather than the primary objective of defining risk tolerance and appetite.
• C. While creating organization-wide risk awareness is a positive byproduct, the core purpose of setting these parameters is to provide concrete guidelines for specific decision-making, not just general awareness.
• D. The objective is not to simply minimize risk mitigation efforts, but rather to optimize them to manage risks within defined acceptable limits, which might involve significant effort depending on the risk.

Concept tested. Risk appetite and tolerance for decision support

Reference. https://learn.microsoft.com/en-us/compliance/regulatory/risk-management-framework-overview

No community discussion yet for this question.