CompTIA CASP+ (CAS-003) — Question 241

The Chief Executive Officer (CEO) of a company has considered implementing a cost-saving measure that might result in new risk to the company. When deciding whether to implement this measure, which of the following would be the BEST course of action to manage the organization's risk?

Answer options

• A. Present the detailed risk resulting from the change to the company's board of directors
• B. Pilot new mitigations that cost less than the total amount saved by the change
• C. Modify policies and standards to discourage future changes that increase risk
• D. Capture the risk in a prioritized register that is shared routinely with the CEO

Correct answer: D

Explanation

The best approach is to capture the risk in a prioritized register that is routinely shared with the CEO, as this ensures ongoing awareness and management of the risks. Presenting to the board (A) is important but may not be as effective for continuous risk management. Piloting mitigations (B) and modifying policies (C) do not address the need for consistent risk tracking and communication.