Certified in Risk and Information Systems Control (CRISC) — Question 1440

A risk practitioner's PRIMARY focus when validating a risk response action plan should be that risk response:

Answer options

• A. advances business objectives.
• B. quantifies risk impact.
• C. reduces risk to an acceptable level.
• D. aligns with business strategy.

Correct answer: C

Explanation

The correct answer is C because the primary goal of a risk response action plan is to ensure that the identified risks are mitigated to a level that is deemed acceptable by the organization. While advancing business objectives, quantifying risk impact, and aligning with business strategy are important, they are secondary to the fundamental need of reducing risk effectively.