Certified in Risk and Information Systems Control (CRISC) — Question 1389

Risk mitigation is MOST effective when which of the following is optimized?

Answer options

• A. Inherent risk
• B. Residual risk
• C. Operational risk
• D. Regulatory risk

Correct answer: B

Explanation

The correct answer is B, as optimizing residual risk involves managing and minimizing the risks that remain after controls are applied. Inherent risk (A) refers to the risk that exists before any controls are implemented, while operational risk (C) and regulatory risk (D) pertain to specific types of risks that do not directly relate to the optimization of overall risk mitigation.