Certified in Risk and Information Systems Control (CRISC) — Question 88

You are the risk official of your enterprise. You have just completed risk analysis process. You noticed that the risk level associated with your project is less than risk tolerance level of your enterprise. Which of following is the MOST likely action you should take?

Answer options

• A. Apply risk response
• B. Update risk register
• C. No action
• D. Prioritize risk response options

Correct answer: C

Explanation

The correct answer is C, as the risk level is below the organization's tolerance, indicating no immediate action is necessary. Option A suggests applying a risk response, which is unnecessary, while B implies updating the risk register, which is not required at this level of risk. Option D suggests prioritizing responses, which again is not needed when risks are within acceptable limits.