Which of the following is the BEST indication of an effective risk management program?
A. Risk action plans are approved by senior management
B. Mitigating controls are designed and implemented
C. Residual risk is within the organizational risk appetite
D. Risk is recorded and tracked in the risk register
A. Risk action plans are approved by senior management
B. Mitigating controls are designed and implemented
C. Residual risk is within the organizational risk appetite
D. Risk is recorded and tracked in the risk register