Which among the following is the BEST reason for defining a risk response?

A. To eliminate risk from the enterprise

B. To ensure that the residual risk is within the limits of the risk appetite and tolerance

C. To overview current status of risk

D. To mitigate risk








 

Suggested Answer: B

The purpose of defining a risk response is to ensure that the residual risk is within the limits of the risk appetite and tolerance of the enterprise. Risk response is based on selecting the correct, prioritized response to risk, based on the level of risk, the enterprise's risk tolerance and the cost or benefit of the particular risk response option.
Incorrect Answers:
A: Risk cannot be completely eliminated from the enterprise.
C: This is not a valid answer.
D: Mitigation of risk is itself the risk response process, not the reason behind this.

This question is in CRISC exam 
For getting Risk and Information Systems Control Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by ISACA.
The website does not contain actual questions and answers from ISACA's Certification Exams.
Trademarks, certification & product names are used for reference only and belong to ISACA.