Certified in Risk and Information Systems Control (CRISC) — Question 1251

Before selecting a final risk response option for a given risk scenario, management should FIRST:

Answer options

• A. determine the remediation timeline.
• B. evaluate the risk response of similar sized organizations.
• C. determine control ownership.
• D. evaluate the organization’s ability to implement the solution.

Correct answer: D

Explanation

The correct answer is D because understanding the organization’s ability to implement a solution is crucial for effective risk management. Options A, B, and C are important but should follow the assessment of implementation capability since a feasible response is critical to managing risks effectively.