Certified in Risk and Information Systems Control (CRISC) — Question 956

The MAIN purpose of selecting a risk response is to:

Answer options

• A. mitigate the residual risk to be within tolerance.
• B. ensure organizational awareness of the risk level.
• C. demonstrate the effectiveness of risk management practices.
• D. ensure compliance with local regulatory requirements.

Correct answer: A

Explanation

The correct answer, A, emphasizes the importance of reducing residual risk to an acceptable level, which is fundamental in risk management. Options B, C, and D, while relevant to risk awareness and compliance, do not directly address the primary goal of managing and mitigating risks effectively.