Certified in Risk and Information Systems Control (CRISC) — Question 83

Risk management strategies are PRIMARILY adopted to:

Answer options

• A. achieve compliance with legal requirements
• B. take necessary precautions for claims and losses
• C. avoid risk for business and IT assets
• D. achieve acceptable residual risk levels

Correct answer: B

Explanation

The correct answer is B because risk management is fundamentally about taking steps to protect against potential claims and losses. While achieving compliance (A), avoiding risks (C), and managing residual risks (D) are important, the primary goal of risk management is to safeguard the organization from financial and operational impacts.