Certified in Risk and Information Systems Control (CRISC) — Question 553

Which of the following is MOST important when determining risk appetite?

Answer options

• A. Assessing regulatory requirements
• B. Identifying risk tolerance
• C. Benchmarking against industry standards
• D. Gaining management consensus

Correct answer: D

Explanation

Gaining management consensus is essential because it aligns the organization's risk appetite with its strategic goals and culture. While assessing regulatory requirements, identifying risk tolerance, and benchmarking against industry standards are important, they are secondary to ensuring that management is unified in its approach to risk.