Certified in Risk and Information Systems Control (CRISC) — Question 889
Which of the following is a risk practitioner's BEST course of action if a risk assessment identifies a risk that is extremely unlikely but would have a severe impact should it occur?
Answer options
- A. Address the risk by analyzing treatment options.
- B. Rate the risk as high priority based on the severe impact.
- C. Ignore the risk due to the extremely low likelihood.
- D. Obtain management's consent to accept the risk.
Correct answer: A
Explanation
The correct answer is A because treatment options should be evaluated for a risk regardless of its likelihood. Option B is incorrect because prioritizing based solely on potential impact may lead to neglecting more probable risks. Option C is not advisable because ignoring a risk can leave the organization vulnerable, and option D does not actively mitigate the risk.