In order to determining a risk is under-controlled the risk practitioner will need to
A.
understand the risk tolerance
B.
monitor and evaluate IT performance
C.
identify risk management best practices
D.
determine the sufficiency of the IT risk budget
The Answer Is:
A
This question includes an explanation.
Explanation:
To determine if a risk is under-controlled, the risk practitioner will need to understand the risk tolerance. Risk tolerance is the acceptable or allowable level of variation or deviation from the expected or desired outcomes or objectives. Risk tolerance reflects the amount and type of risk that the organization is willing and able to take. A risk is under-controlled when the risk exposure exceeds the risk tolerance, meaning that the organization is taking on more risk than it can handle or afford. Therefore, the risk practitioner will need to understand the risk tolerance to compare it with the risk exposure and identify the gap or difference. The other options are not as relevant as understanding the risk tolerance, as they are related to the monitoring, identification, or determination of the risk or the IT performance, not the comparison or evaluation of therisk. References = Risk and Information Systems Control Study Manual, Chapter 2: IT Risk Assessment, Section 2.4: IT Risk Response, page 87.
CRISC PDF/Engine
Printable Format
Value of Money
100% Pass Assurance
Verified Answers
Researched by Industry Experts
Based on Real Exams Scenarios
100% Real Questions
Get 60% Discount on All Products,
Use Coupon: "8w52ceb345"