CRISC Certified in Risk and Information Systems Control – Question208
Judy has identified a risk event in her project that will have a high probability and a high impact. Based on the requirements of the project, Judy has asked to change the project scope to remove the associated requirement and the associated risk. What type of risk response is this? A. Exploit B. Not a risk response, but a change request C. Avoidance D. Transference
Correct Answer: C
Explanation:
Explanation:
Risk avoidance involves changing the project management plan to eliminate the threat entirely. The project manager may also isolate the project objectives from the risk’s impact or change the objective that is in jeopardy. Examples of this include extending the schedule, changing the strategy, or reducing the scope. The most radical avoidance strategy is to shut down the project entirely. Some risks that arise early in the project can be avoided by clarifying requirements, obtaining information, improving communication, or acquiring expertise.
Incorrect Answers:
A: Exploit risk response is used for positive risk or opportunity, not for negative risk.
B: This risk response does require a change request, in some instances, but it’s the avoidance risk response and not just a change request.
D: Transference allows the risk to be transferred, not removed from the project, to a third party. Transference usually requires a contractual relationship with the third party.
Please disable your adblocker or whitelist this site!