CRISC Certified in Risk and Information Systems Control – Question228

Which among the following is the BEST reason for defining a risk response?

A. To eliminate risk from the enterprise
B. To ensure that the residual risk is within the limits of the risk appetite and tolerance
C. To overview current status of risk
D. To mitigate risk

Correct Answer: B

Explanation:
The purpose of defining a risk response is to ensure that the residual risk is within the limits of the risk appetite and tolerance of the enterprise. Risk response is based on selecting the correct, prioritized response to risk, based on the level of risk, the enterprise’s risk tolerance and the cost or benefit of the particular risk response option.
Incorrect Answers:
A: Risk cannot be completely eliminated from the enterprise.
C: This is not a valid answer.
D: Mitigating risk is itself the risk response process, not the reason for defining one.