Certified in Risk and Information Systems Control (CRISC) — Question 344
Which of the following is the BEST way to promote adherence to the risk tolerance level set by management?
Answer options
- A. Avoiding risks that could materialize into substantial losses
- B. Increasing organizational resources to mitigate risks
- C. Defining expectations in the enterprise risk policy
- D. Communicating external audit results
Correct answer: C
Explanation
Option C is correct because a well-defined enterprise risk policy sets clear expectations, which is crucial for adherence to risk tolerance. Options A and B focus on avoidance and resource allocation, respectively, but do not directly address compliance with established risk levels. Option D, while important for transparency, does not directly promote adherence to risk tolerance.