Certified in Risk and Information Systems Control (CRISC) — Question 987

Which of the following would MOST likely cause management to unknowingly accept excessive risk?

Answer options

• A. Lack of preventive controls
• B. Risk tolerance being set too low
• C. Inaccurate risk ratings
• D. Satisfactory audit results

Correct answer: C

Explanation

The correct answer is C, as inaccurate risk ratings can lead management to misjudge the actual level of risk, resulting in poor decision-making. Options A and B could lead to issues, but they would not directly cause management to accept excessive risk without their knowledge. D is misleading because satisfactory audit results may give a false sense of security, but they do not directly influence the acceptance of risk.