Certified in Risk and Information Systems Control (CRISC) — Question 643

Which of the following should be the PRIMARY focus of a risk owner once a decision is made to mitigate a risk?

Answer options

• A. Determining processes for monitoring the effectiveness of the controls
• B. Confirming to management the controls reduce the likelihood of the risk
• C. Updating the risk register to include the risk mitigation plan
• D. Ensuring that control design reduces risk to an acceptable level

Correct answer: D

Explanation

The correct answer is D because the primary focus of a risk owner is to ensure that the controls are effectively designed to reduce the risk to an acceptable level. The other options, while important, are secondary to the fundamental goal of mitigating the risk effectively.