Between "Risk priorities" and "Risk appetite":
Risk priorities can inform a risk practitioner on which risks to address immediately based on their ranking or urgency.
Risk appetite, on the other hand, provides an overarching perspective that defines how much risk the organization is willing to accept. Understanding this boundary is foundational when planning any risk response. If a risk exceeds the organization's risk appetite, it's a clear indicator that response actions are required, irrespective of its current priority.
Given this, for planning response activities and ensuring alignment with organizational objectives, the:
D. Risk appetite
would indeed be the MOST useful information. I appreciate your patience and the opportunity to clarify.
"After risk has been identified by quantative/qualitative assessment it should be mapped against the risk tolerance and risk appetite to make an informed decision about how much acceptable risk really is. " ISACA manual.
I really would have thought you'd be looking at risk appetite to determine risk responses. The question jumps from risk identification to risk response, which is a tad frustrating in itself.
I suppose if you think about it as "they've done the assessment and decided on the responses, now they're planning said responses" then A makes more sense?
This section is not available anymore. Please use the main Exam Page.CRISC Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
jack423
9 months, 1 week agomynk29
1 year, 2 months agomynk29
1 year, 2 months agoCbtL
1 year, 2 months agoCbtL
1 year, 2 months agoCbtL
1 year, 2 months agojohn_boogieman
1 year, 4 months agoKoulyo
1 year, 3 months ago