Certified in Risk and Information Systems Control (CRISC) — Question 1301

Which among the following acts as a trigger for risk response process?

Answer options

• A. Risk level increases above risk appetite
• B. Risk level increase above risk tolerance
• C. Risk level equates risk appetite
• D. Risk level equates the risk tolerance

Correct answer: B

Explanation

The correct answer is B because a risk level that exceeds the risk tolerance indicates that the organization is facing a risk that needs to be addressed. Options A, C, and D do not trigger the risk response process as they either indicate acceptable levels of risk or do not exceed tolerances.