CRISC Question #41: Real Exam Question with Answer & Explanation
The correct answer is A: Identify new threats resulting from the new business strategy. When an organization adopts an aggressive business strategy, the immediate next step in risk management is to identify the new threats introduced by this strategy.
Question
An organization is considering the adoption of an aggressive business strategy to achieve desired growth. From a risk management perspective, what should the risk practitioner do NEXT?
Options
- A. Identify new threats resulting from the new business strategy
- B. Update risk awareness training to reflect current levels of risk appetite and tolerance
- C. Inform the board of potential risk scenarios associated with aggressive business strategies
- D. Increase the scale for measuring impact due to threat materialization
Explanation
When an organization adopts an aggressive business strategy, the immediate next step in risk management is to identify the new threats introduced by this strategy.
Common mistakes.
- B. Updating risk awareness training is a subsequent step after new risks have been identified and the risk appetite/tolerance has been re-evaluated, not the immediate next action.
- C. Informing the board is an important communication step, but it typically occurs after new risks have been initially identified and assessed, providing concrete scenarios rather than just a general warning.
- D. Increasing the scale for measuring impact might be necessary eventually, but it's a modification to the risk assessment framework, not the immediate action to address new risks from a new strategy.
Concept tested. Risk identification process after strategic change
Reference. https://www.iso.org/standard/65005.html