Certified in Risk and Information Systems Control (CRISC) — Question 134
You and your project team are identifying the risks that may exist within your project. Some of the risks are small risks that won't affect your project much if they happen. What should you do with these identified risk events?
Answer options
- A. These risks can be dismissed.
- B. These risks can be accepted.
- C. These risks can be added to a low priority risk watch list.
- D. All risks must have a valid, documented risk response.
Correct answer: C
Explanation
The correct answer is C because adding low-impact risks to a low priority risk watch list allows for monitoring without dedicating excessive resources. Option A is incorrect as dismissing risks can lead to oversight, and B is misleading since acceptance implies a proactive approach rather than just monitoring. Option D is inaccurate for low-impact risks that do not require formal responses.