CRISC Certified in Risk and Information Systems Control – Question036

What are the two MAJOR factors to be considered while deciding risk appetite level? Each correct answer represents a part of the solution. Choose two.

A.
The amount of loss the enterprise wants to accept
B. Alignment with risk-culture
C. Risk-aware decisions
D. The capacity of the enterprise's objective to absorb loss.

Correct Answer: AD

Explanation:

Explanation:
Risk appetite is the amount of risk a company or other entity is willing to accept in pursuit of its mission. This is the responsibility of the board to decide risk appetite of an enterprise. When considering the risk appetite levels for the enterprise, the following two major factors should be taken into account: The enterprise’s objective capacity to absorb loss, e.g., financial loss, reputation damage, etc. The culture towards risk taking-cautious or aggressive. In other words, the amount of loss the enterprise wants to accept in pursue of its objective fulfillment.
Incorrect Answers:
B: Alignment with risk-culture is also one of the factors but is not as important as these two.
C: Risk aware decision is not the factor, but is the result which uses risk appetite information as its input.