Certified in Risk and Information Systems Control (CRISC) — Question 492
The objective of aligning mitigating controls to risk appetite is to ensure that:
Answer options
- A. exposures are reduced to the fullest extent.
- B. insurance costs are minimized.
- C. exposures are reduced only for critical business systems.
- D. the cost of controls does not exceed the expected loss.
Correct answer: D
Explanation
The correct answer is D because it emphasizes cost-effectiveness in risk management: the investment in controls should not exceed the potential losses. Option A implies complete risk reduction and option C implies a focus on critical systems only, either of which may not align with overall risk appetite. Option B is unrelated to the control alignment process.