Certified in Risk and Information Systems Control (CRISC) — Question 437
Harry is the project manager of HDW project. He has identified a risk that could injure project team members. He does not want to accept any risk where someone could become injured on this project so he hires a professional vendor to complete this portion of the project work. What type of risk response is Harry implementing?
Answer options
- A. Transference
- B. Mitigation
- C. Acceptance
- D. Avoidance
Correct answer: A
Explanation
Harry is transferring the risk of injury to a professional vendor, which means he is not bearing the risk himself but rather passing it on to another party. Mitigation would involve taking steps to reduce the impact or likelihood of the risk, while acceptance means acknowledging the risk without taking action. Avoidance would entail eliminating the risk entirely, which is not what Harry is doing since he is still engaging in the project work.