Certified in Risk and Information Systems Control (CRISC) — Question 1

David is the project manager of the HRC Project. He has identified a risk in the project, which could cause the delay in the project. David does not want this risk event to happen so he takes few actions to ensure that the risk event will not happen. These extra steps, however, cost the project an additional $10,000. What type of risk response has David adopted?

Answer options

• A. Avoidance
• B. Mitigation
• C. Acceptance
• D. Transfer

Correct answer: A

Explanation

David is implementing avoidance as he is taking proactive steps to eliminate the risk entirely, even though it incurs additional costs. Mitigation involves reducing the impact or likelihood of a risk, but here, the focus is on preventing the risk altogether. Acceptance means acknowledging the risk without taking action, and transfer refers to shifting the risk to another party, neither of which apply in this scenario.