Certified in Risk and Information Systems Control (CRISC) — Question 582

Which of the following would be the BEST
recommendation if the level of risk in the IT risk profile has decreased and is now below management's risk appetite?

Answer options

• A. Decrease the number of related risk scenarios.
• B. Optimize the control environment.
• C. Realign risk appetite to the current risk level.
• D. Reduce the risk management budget.

Correct answer: B

Explanation

The best course of action is to optimize the control environment, as it ensures that the current risk level is managed effectively and prepares the organization for any future changes in risk. Decreasing the number of risk scenarios or realigning risk appetite may overlook necessary controls, while reducing the budget could undermine risk management efforts.