Certified Information Systems Auditor (CISA) — Question 742

Which risk response has been adopted by a risk owner postponing the implementation of proper controls due to budget constraints?

Answer options

• A. Transfer
• B. Acceptance
• C. Avoidance
• D. Mitigation

Correct answer: B

Explanation

The correct answer is 'Acceptance' because it refers to the decision to acknowledge the risk and delay action due to budget constraints. 'Transfer' involves shifting the risk to another party, 'Avoidance' means eliminating the risk entirely, and 'Mitigation' involves taking steps to reduce the impact or likelihood of the risk, which doesn't apply in this scenario.