Certified in Risk and Information Systems Control (CRISC) — Question 1138

Which of the following is MOST likely to result in a major change to the overall risk profile of the organization?

Answer options

• A. Changes in internal and external auditors
• B. Changes in vulnerability assessment and penetration testing
• C. Changes in risk appetite and risk tolerance
• D. Changes in internal and external risk factors

Correct answer: C

Explanation

The correct answer is C because changes in risk appetite and risk tolerance directly influence how an organization perceives and manages risk, thereby altering its risk profile. The other options, while relevant to risk management, do not have as profound an impact on the overall risk profile as changes in risk appetite and tolerance do.