Certified in Risk and Information Systems Control (CRISC) — Question 941

Which of the following is the MOST important reason to validate that risk responses have been executed as outlined in the risk response plan?

Answer options

• A. To ensure residual risk is at an acceptable level
• B. To ensure completion of the risk assessment cycle
• C. To ensure control costs do not exceed benefits
• D. To ensure controls are operating effectively

Correct answer: A

Explanation

The correct answer, A, emphasizes the importance of managing residual risk to maintain an acceptable level, which is crucial for effective risk management. Options B and C, while relevant, do not directly address the immediate outcome of risk responses, and option D focuses on operational effectiveness without highlighting the importance of residual risk management.