Certified in Risk and Information Systems Control (CRISC) — Question 1433

Which of the following should be given the HIGHEST priority when developing a response plan for risk assessment results?

Answer options

• A. Risk that has been untreated
• B. Items with the highest likelihood of occurrence
• C. Items with a high inherent risk
• D. Risk that exceeds risk appetite

Correct answer: D

Explanation

The correct answer is D, as risks that exceed risk appetite indicate a level of threat that the organization is not willing to accept, necessitating immediate attention. While untreated risks, high likelihood items, and high inherent risks are important, they do not take precedence over risks that surpass the organization’s capacity for acceptable risk.