Certified Internal Auditor (CIA) Part 1: Business Acumen — Question 9

Management has decided to invest significant capital in a new and innovative large computer system. They understand that they are one of the first organizations to implement this system, but they believe the benefits outweigh the uncertainty over the performance and reliability of the software. This decision best describes which aspect of risk management?

Answer options

• A. Risk appetite.
• B. Risk tolerance.
• C. Residual risk.
• D. Inherent risk.

Correct answer: A

Explanation

The correct answer is A, Risk appetite, as it reflects the organization's willingness to take on risk for potential benefits. Risk tolerance (B) refers to the specific amount of risk the organization can handle, while residual risk (C) pertains to the remaining risk after mitigation strategies are applied. Inherent risk (D) refers to the level of risk that exists before any controls are implemented.