Certified in Risk and Information Systems Control (CRISC) — Question 1430
After recent updates to the risk register, management has requested that the overall level of residual risk be reduced. Which of the following is the risk practitioner's BEST course of action?
Answer options
- A. Prioritize remediation plans.
- B. Recommend the acceptance of low-level risk.
- C. Develop new risk action plans with risk owners.
- D. Implement additional controls.
Correct answer: C
Explanation
The best action for the risk practitioner is to develop new risk action plans with risk owners, as this directly addresses the management's request to lower residual risk. While prioritizing remediation plans and implementing additional controls may help, they do not specifically involve collaboration with risk owners or address the need for new strategies. Accepting low-level risks does not actively reduce the overall residual risk.