Certified in Risk and Information Systems Control (CRISC) — Question 1229

An operations manager has requested risk acceptance after the execution of a mitigation plan has failed. Which of the following is the risk practitioner's BEST response?

Answer options

• A. Ask the risk owner to review the request.
• B. Document the risk acceptance in the risk register.
• C. Reassess the risk scenario associated with the action plan.
• D. Adjust the organization's risk profile by the amount of risk accepted.

Correct answer: A

Explanation

The best response is to ask the risk owner to review the request because they are ultimately responsible for the risk and its acceptance. Documenting the risk acceptance is important, but it should come after receiving approval from the risk owner. Reassessing the risk scenario and adjusting the risk profile are not immediate responses to the manager's request.