CRISC Certified in Risk and Information Systems Control – Question046

A part of a project deals with the hardware work. As a project manager, you have decided to hire a company to deal with all hardware work on the project. Which type of risk response is this?

A.
Transference
B. Mitigation
C. Avoidance
D. Exploit

Correct Answer: A

Explanation:

Explanation: When you are hiring a third party to own risk, it is known as transference risk response. Risk transfer means that impact of risk is reduced by transferring or otherwise sharing a portion of the risk with an external organization or another internal entity. Transfer of risk can occur in many forms but is most effective when dealing with financial risks.
Insurance is one form of risk transfer.
Incorrect Answers:
B: The act of spending money to reduce a risk probability and impact is known as mitigation.
C: When extra activities are introduced into the project to avoid the risk, this is an example of avoidance.
D: Exploit is a strategy that may be selected for risks with positive impacts where the organization wishes to ensure that the opportunity is realized.