CISM Certified Information Security Manager – Question 0249

Which of the following risks is represented in the risk appetite of an organization?

A. Control
B. Inherent
C. Residual
D. Audit

Correct Answer: C

Explanation:

Residual risk is unmanaged risk, i.e., inherent risk that remains uncontrolled. It is key to the organization's risk appetite: it is the amount of residual risk that the business is living with, and it affects the business's viability. Hence, inherent risk is incorrect. Control risk (the potential for controls to fail) and audit risk (which relates only to audit's approach to its work) are not relevant in this context.