CRISC Question #302: Real Exam Question with Answer & Explanation

Question

Optimized risk management is achieved when risk is reduced:

Options

• Awith strategic initiatives.
• Bto meet risk appetite.
• Cwithin resource availability.
• Dbelow risk appetite.

Explanation

Optimized risk management focuses on reducing risk to a level that aligns with the organization's defined risk appetite.

Common mistakes.

• A. While strategic initiatives might contribute to risk reduction, the primary goal of optimized risk management is not merely using initiatives, but achieving an acceptable risk level.
• C. Reducing risk within resource availability is a practical constraint, but it doesn't define the optimal target for risk reduction; the target is defined by risk appetite.
• D. Reducing risk below risk appetite might be possible but is often inefficient and costly, as it implies spending more resources than necessary to achieve an acceptable risk level.

Concept tested. Optimized risk management and risk appetite

Reference. https://www.isaca.org/resources/isaca-journal/issues/2021/volume-3/governing-risk-appetite

No community discussion yet for this question.