Certified in Risk and Information Systems Control (CRISC) — Question 570
Which of the following BEST enables a risk practitioner to understand management's approach to organizational risk?
Answer options
- A. Industry best practices for risk management
- B. Risk appetite and risk tolerance
- C. Prior year’s risk assessment results
- D. Organizational structure and job descriptions
Correct answer: B
Explanation
The correct answer is B. Risk appetite and risk tolerance directly reflect management's willingness to accept risk and its thresholds for risk levels. Options A, C, and D provide useful information but do not specifically convey management's perspective on risk, so they are less effective for understanding the overall risk posture.