Certified in Risk and Information Systems Control (CRISC) — Question 1270

Which of the following is an example of risk sharing?

Answer options

• A. Rejecting a high-risk project
• B. Outsourcing the hosting of a critical system
• C. Investing in fault-tolerant technology
• D. Engaging in a code escrow agreement

Correct answer: D

Explanation

The correct answer is D, as a code escrow agreement allows for the sharing of risk between parties by ensuring that source code is accessible in case of vendor failure. Option A is not risk sharing, but rather avoiding risk. Option B involves outsourcing but does not inherently distribute risk among stakeholders. Option C focuses on technology investment rather than sharing risk with others.