Certified in Risk and Information Systems Control (CRISC) — Question 1362

Which of the following describes the relationship between risk appetite and risk tolerance?

Answer options

• A. Risk tolerance is used to determine risk appetite.
• B. Risk tolerance may exceed risk appetite.
• C. Risk appetite is completely independent of risk tolerance.
• D. Risk appetite and risk tolerance are synonymous.

Correct answer: B

Explanation

The correct answer is B because risk tolerance can indeed surpass risk appetite, indicating that an individual or organization may be willing to accept more risk than their stated appetite. A is incorrect as risk tolerance is a measure that helps inform risk appetite, not the other way around. C is false since both concepts are interrelated, and D is incorrect because they are not synonyms; they represent different aspects of risk management.