Certified in Risk and Information Systems Control (CRISC) — Question 1113

Optimized risk management is achieved when risk is reduced:

Answer options

• A. with strategic initiatives.
• B. within resource availability.
• C. below risk appetite.
• D. to meet risk appetite.

Correct answer: D

Explanation

The correct answer is D because optimized risk management aims to align risk levels with the organization's risk appetite, ensuring that risks are acceptable. Option A focuses on strategic initiatives, which may not directly address risk levels. Option B considers resource availability, which is important but not the main goal of risk management. Option C suggests reducing risk below appetite, which can lead to unnecessary limitations.