Certified in Risk and Information Systems Control (CRISC) — Question 884

An organization recently restructured its leadership team and implemented emerging technologies. Which of the following MUST be validated to ensure risk is managed to an acceptable level?

Answer options

• A. Risk treatment decisions and approvals
• B. Technology architecture and processes
• C. External and internal risk factors
• D. Risk appetite and risk tolerance

Correct answer: D

Explanation

Validating the risk appetite and risk tolerance is crucial as it defines the amount and type of risk the organization is willing to accept. The other options, while important, do not directly address the fundamental understanding of risk that is necessary for effective management in the context of organizational changes.