Certified in Risk and Information Systems Control (CRISC) — Question 1260

Which of the following would MOST likely cause senior management to lower the risk tolerance level?

Answer options

• A. Organizational restructuring
• B. Increase in penalties for unauthorized data disclosure
• C. Outsourcing of in-house software development
• D. Decrease in budget allocated for risk mitigation activities

Correct answer: B

Explanation

An increase in penalties for unauthorized data disclosure raises the stakes for the organization, prompting senior management to lower risk tolerance to avoid potential financial and reputational damage. The other options may affect risk management strategies but do not directly influence the perception of risk associated with compliance and penalties as significantly as option B does.