Certified in Risk and Information Systems Control (CRISC) — Question 660

Improvements in the design and implementation of a control will MOST likely result in an update to:

Answer options

• A. risk tolerance
• B. risk appetite
• C. inherent risk
• D. residual risk

Correct answer: D

Explanation

The correct answer is D, as improvements in control design typically reduce the amount of risk that remains after controls are applied, which is referred to as residual risk. Options A and B pertain to the thresholds and willingness to accept risk, while option C relates to the level of risk inherent before any controls are applied, thus not directly affected by the improvements in control design.