Certified in Risk and Information Systems Control (CRISC) — Question 68

An effective control environment is BEST indicated by controls that:

Answer options

• A. minimize senior management's risk tolerance
• B. manage risk within the organization's risk appetite
• C. are cost-effective to implement
• D. reduce the thresholds of key risk indicators (KRIs)

Correct answer: B

Explanation

The correct answer, B, emphasizes the importance of aligning risk management practices with the organization's established risk appetite, ensuring that risks are managed effectively. Option A is incorrect as it focuses on minimizing risk tolerance, which does not necessarily indicate a strong control environment. Options C and D do not directly address the effectiveness of controls in relation to risk management.