Certified in Risk and Information Systems Control (CRISC) — Question 741

Which of the following is a risk practitioner's MOST important responsibility in managing risk acceptance that exceeds risk tolerance?

Answer options

• A. Increase the risk appetite to align with the current risk level.
• B. Verify authorization by senior management.
• C. Update the risk response in the risk register.
• D. Ensure the acceptance is set to expire over time.

Correct answer: B

Explanation

The correct answer is B because it is essential for a risk practitioner to ensure that any acceptance of risk is authorized by senior management, as they have the ultimate accountability for risk decisions. Options A and C do not address the necessity of obtaining management authorization, while option D is not as critical as confirming authorization.