Certified in Risk and Information Systems Control (CRISC) — Question 1081

Which of the following scenarios is MOST likely to cause a risk practitioner to request a formal risk acceptance sign-off?

Answer options

• A. Residual risk in excess of the risk appetite cannot be mitigated.
• B. Risk appetite has changed to align with organizational objectives.
• C. Residual risk remains at the same level over time without further mitigation.
• D. Inherent risk is too high, resulting in the cancellation of an initiative.

Correct answer: A

Explanation

The correct answer is A because when the residual risk exceeds the organization's risk appetite and cannot be reduced, a formal sign-off is necessary to acknowledge acceptance of that risk. The other options do not indicate a scenario requiring formal acceptance; they either relate to changes in appetite or risk levels that do not necessitate immediate sign-off.