CRISC Certified in Risk and Information Systems Control – Question354
When a risk cannot be sufficiently mitigated through manual or automatic controls, which of the following options will BEST protect the enterprise from the potential financial impact of the risk? A. Updating the IT risk registry B. Insuring against the risk C. Outsourcing the related business process to a third party D. Improving staff-training in the risk area
Correct Answer: B
Explanation:
Explanation: An insurance policy can compensate the enterprise up to 100% by transferring the risk to another company. Hence in this stem risk is being transferred.
Incorrect Answers:
A: Updating the risk registry (with lower values for impact and probability) will not actually change the risk, only management’s perception of it.
C: Outsourcing the process containing the risk does not necessarily remove or change the risk. While on other hand, insurance will completely remove the risk.
D: Staff capacity to detect or mitigate the risk may potentially reduce the financial impact, but insurance allows for the risk to be mitigated up to 100%.
Please disable your adblocker or whitelist this site!