CRISC Certified in Risk and Information Systems Control – Question098
You are working on a project in an enterprise. Some part of your project requires e-commerce, but your enterprise choose not to engage in e-commerce. This scenario is demonstrating which of the following form? A. risk avoidance B. risk treatment C. risk acceptance D. risk transfer
Correct Answer: A
Explanation:
Explanation: Each business process involves inherent risk. Not engaging in any activity avoids the inherent risk associated with the activity. Hence this demonstrates risk avoidance.
Incorrect Answers:
B: Risk treatment means that action is taken to reduce the frequency and impact of a risk.
C: Acceptance means that no action is taken relative to a particular risk, and loss is accepted when/if it occurs. This is different from being ignorant of risk; accepting risk assumes that the risk is known, i.e., an informed decision has been made by management to accept it as such.
D: Risk transfer/sharing means reducing either risk frequency or impact by transferring or otherwise sharing a portion of the risk. Common techniques include insurance and outsourcing. These techniques do not relieve an enterprise of a risk, but can involve the skills of another party in managing the risk and reducing the financial consequence if an adverse event occurs.
Please disable your adblocker or whitelist this site!