Certified in Risk and Information Systems Control (CRISC) — Question 861

When evaluating a number of potential controls for treating risk, it is MOST important to consider:

Answer options

• A. risk tolerance and control complexity
• B. inherent risk and control effectiveness
• C. risk appetite and control efficiency
• D. residual risk and cost of control

Correct answer: D

Explanation

The correct answer is D because understanding residual risk and the cost of control is critical in determining the feasibility and effectiveness of risk management measures. The other options, while relevant, do not directly address the financial implications and remaining risk after controls are implemented.