Certified in Risk and Information Systems Control (CRISC) — Question 1067

You are the project manager of RFT project. You have identified a risk that the enterprise's IT system and application landscape is so complex that, within a few years, extending capacity will become difficult and maintaining software will become very expensive. To overcome this risk, the response adopted is re- architecture of the existing system and purchase of new integrated system. In which of the following risk prioritization options would this case be categorized?

Answer options

• A. Deferrals
• B. Quick win
• C. Business case to be made
• D. Contagious risk

Correct answer: C

Explanation

The situation falls under 'Business case to be made' because it involves significant changes to the system that require justifying the costs and benefits of the new architecture and integrated system. The other options do not apply here: 'Deferrals' suggests postponing action, 'Quick win' implies an easy solution, and 'Contagious risk' pertains to risks that spread to other areas, none of which accurately describe the need for a comprehensive approach in this scenario.