Certified in Risk and Information Systems Control (CRISC) — Question 1246

An organization's risk profile indicates that residual risk levels have fallen significantly below management's risk appetite. Which of the following is the BEST course of action?

Answer options

• A. Add more risk scenarios to the risk register.
• B. Decrease monitoring of residual risk levels.
• C. Optimize controls.
• D. Increase risk appetite.

Correct answer: C

Explanation

The correct answer is C because optimizing controls ensures that the organization maintains effective risk management practices, especially when residual risks are lower than expected. Adding more risk scenarios (A) or decreasing monitoring (B) would not address the current situation effectively, and increasing risk appetite (D) could lead to unnecessary exposure to risks.