Certified in Risk and Information Systems Control (CRISC) — Question 551

Which of the following should be the PRIMARY basis for prioritizing risk responses?

Answer options

• A. The replacement cost of the business asset
• B. The impact of the risk
• C. The classification of the business asset
• D. The cost of risk mitigation controls

Correct answer: B

Explanation

The primary basis for prioritizing risk responses is the impact of the risk (B), as it directly affects the organization’s operations and objectives. While the replacement cost (A), classification of the asset (C), and cost of mitigation controls (D) are important factors, they are secondary to understanding the potential consequences of the risk itself.