Certified in Risk and Information Systems Control (CRISC) — Question 637
You and your project team are identifying the risks that may exist within your project. Some of the risks are small risks that won't affect your project much if they happen. What should you do with these identified risk events?
Answer options
- A. These risks can be dismissed.
- B. These risks can be accepted.
- C. These risks can be added to a low priority risk watch list.
- D. All risks must have a valid, documented risk response.
Correct answer: C
Explanation
Option C is correct because adding minor risks to a low priority risk watch list allows the team to monitor them without allocating excessive resources. Option A is incorrect as dismissing risks may overlook potential issues. Option B implies acceptance without monitoring, which is not advisable. Option D is overly broad since not all minor risks require a detailed response.