CRISC Certified in Risk and Information Systems Control – Question182
Which of the following should be considered to ensure that risk responses that are adopted are cost-effective and are aligned with business objectives? Each correct answer represents a part of the solution. Choose three. A. Identify the risk in business terms B. Recognize the business risk appetite C. Adopt only pre-defined risk responses of business D. Follow an integrated approach in business
Correct Answer: ABD
Explanation:
Explanation:
Risk responses require a formal approach to issues, opportunities and events to ensure that solutions are cost-effective and are aligned with business objectives. The following should be considered:
While preparing the risk response, identify the risk in business terms like loss of productivity, disclosure of confidential information, lost opportunity costs, etc.
Recognize the business risk appetite.
Follow an integrated approach in business.
Risk responses requiring an investment should be supported by a carefully planned business case that justifies the expenditure outlines alternatives and describes the justification for the alternative selected.
Incorrect Answers:
C: There is no such requirement to follow the pre-defined risk responses. If some new risk responses are discovered during the risk management of a particular project, they should be noted down in lesson leaned document so that project manager working on some other project could also utilize them.
Please disable your adblocker or whitelist this site!