Certified in Risk and Information Systems Control (CRISC) — Question 221

When prioritizing risk response, management should FIRST:

Answer options

• A. evaluate the organization's ability and expertise to implement the solution.
• B. evaluate the risk response of similar organizations.
• C. determine which risk factors have high remediation costs.
• D. address high risk factors that have efficient and effective solutions.

Correct answer: D

Explanation

The correct answer is D because addressing high risk factors with efficient and effective solutions minimizes potential losses while maximizing resource use. Options A, B, and C focus on evaluating capabilities or costs rather than directly addressing the most pressing risks, which is less effective in immediate risk management.