CRISC Certified in Risk and Information Systems Control – Question 359

You are working in an enterprise. Your enterprise is willing to accept a certain amount of risk. What is this risk called?

A. Hedging
B. Aversion
C. Appetite
D. Tolerance

Correct Answer: C

Explanation:

Risk appetite considers the qualitative and quantitative aspects of accepting risks in an organization. The term refers to the type of risks the organization is willing to pursue, as well as the amount and level of risk.
Risk appetite is the amount of risk a company or other entity is willing to accept in pursuit of its mission. It is the responsibility of the board to decide the risk appetite of an enterprise. When considering the risk appetite levels for the enterprise, the following two major factors should be taken into account:

  • The enterprise’s objective capacity to absorb loss, e.g., financial loss, reputation damage, etc.
  • The culture towards risk taking: cautious or aggressive. In other words, the amount of loss the enterprise wants to accept in pursuit of fulfilling its objectives.

Incorrect Answers:
A, B: Aversion and hedging are related to each other and represent the avoidance of risk within the organization.
D: The acceptable variation relative to the achievement of an objective is termed as risk tolerance. In other words, risk tolerance is the acceptable deviation from the level set by the risk appetite and business objectives. Risk tolerance is defined at the enterprise level by the board and clearly communicated to all stakeholders. A process should be in place to review and approve any exceptions to such standards.