Certified in Risk and Information Systems Control (CRISC) — Question 629

Risk avoidance is the BEST risk treatment strategy when:

Answer options

• A. proposed mitigation strategies are not technically feasible.
• B. insurance can be obtained only with substantial premiums.
• C. transfer and mitigation options cost more than they save.
• D. the residual risk is outside the organizational risk appetite.

Correct answer: D

Explanation

Risk avoidance is deemed the best strategy when the residual risk is beyond the organization's risk appetite, meaning the organization is unwilling to accept that level of risk. The other options either suggest alternatives to risk management or scenarios where risk can still be managed, thus not qualifying as the best strategy for complete avoidance.