CRISC Certified in Risk and Information Systems Control – Question111
You are the risk official of your enterprise. You have just completed risk analysis process. You noticed that the risk level associated with your project is less than risk tolerance level of your enterprise. Which of following is the MOST likely action you should take? A. Apply risk response B. Update risk register C. No action D. Prioritize risk response options
Correct Answer: C
Explanation:
Explanation: When the risk level is less than risk tolerance level of the enterprise than no action is taken against that, because the cost of mitigation will increase over its benefits.
Incorrect Answers:
A: This is not a valid answer, as no response is being applied to such low risk level.
B: Risk register is updates after applying response, and as no response is applied to such low risk level; hence no updating is done.
D: This is not a valid answer, as no response is being applied to such low risk level.
Please disable your adblocker or whitelist this site!