Certified Information Systems Auditor (CISA) — Question 1353

A PRIMARY objective of risk management is to keep the total cost of risks below the:

Answer options

• A. estimated amount of losses included in the firm's budget.
• B. amount of losses that would materially damage the firm.
• C. costs of loss prevention measures, such as physical security measures.
• D. administrative costs of risk management.

Correct answer: B

Explanation

The correct answer, B, emphasizes the importance of keeping potential losses under control to avoid significant harm to the firm. Options A and C focus on budget and prevention costs, which are secondary considerations, while option D pertains to administrative costs, which do not directly relate to the impact of risk on the firm.