Certified in Risk and Information Systems Control (CRISC) — Question 545

Which of the following is the PRIMARY objective of establishing an organization’s risk tolerance and appetite?

Answer options

• A. To assist management in decision making
• B. To create organization-wide risk awareness
• C. To minimize risk mitigation efforts
• D. To align with board reporting requirements

Correct answer: A

Explanation

The primary purpose of establishing risk tolerance and appetite is to aid management in making informed decisions regarding risk. While creating risk awareness and aligning with reporting requirements are important, they are secondary to the core goal of supporting decision-making processes.