Certified in Risk and Information Systems Control (CRISC) — Question 250

What is the MAIN purpose of designing risk management programs?

Answer options

• A. To reduce the risk to a level that the enterprise is willing to accept
• B. To reduce the risk to the point at which the benefit exceeds the expense
• C. To reduce the risk to a level that is too small to be measurable
• D. To reduce the risk to a rate of return that equals the current cost of capital

Correct answer: A

Explanation

The correct answer, A, emphasizes that the main goal of risk management is to bring risk down to an acceptable level for the enterprise. Options B, C, and D focus on different aspects of risk reduction that do not align with the fundamental purpose of risk management, which is about acceptance rather than measurement or financial equivalence.