The BEST indication of an effective risk management program is option C - Residual risk is within the organizational risk appetite. If the residual risk is within the organizational risk appetite, it suggests that the organization has identified and assessed the risks, designed and implemented appropriate controls, and regularly monitored the risks to ensure that they are managed effectively.
C. Residual risk is within the organizational risk appetite.
The best indication of an effective risk management program is when the residual risk (the risk that remains after applying controls) is within the organizational risk appetite. An effective risk management program ensures that the organization's risk-taking aligns with its risk tolerance and strategic objectives. Keeping the residual risk within the established risk appetite demonstrates that risks are being identified, assessed, and managed in a way that supports the organization's overall goals and tolerances.
Should be "C"; this is the core objective of risk management. When the residual risk is within the risk appetite, then you already should have done A, B & D.
From the below, D appears more apt. You could have ad-hoc instances where risk actions are approved by mgmt (A) and implementation of mitigating controls (B).
(C) appears incorrect because the risk program may still be very mature but with instances of residual risk beyond the risk appetite.
The key basic of maturity is where risk across the organization is tracked in the risk register, which enables prioritization or remediation and risk awareness, etc. So (D) is the right answer.
A. Risk action plans are approved by senior management
B. Mitigating controls are designed and implemented
C. Residual risk is within the organizational risk appetite
D. Risk is recorded and tracked in the risk register
As to know residual risk we have to have all risk management stages passed... also we may not need any mitigation (if inherent risks are within risk appetite).
Why controls? They might be ineffective. Why not C. Residual risk is within the organizational risk appetite?
SuperMax, 6 months, 1 week ago
Staanlee, 8 months, 1 week ago
mraiyan, 10 months, 3 weeks ago
CbtL, 1 year, 1 month ago
Julianleehk, 1 year, 2 months ago
huze, 1 year, 7 months ago
Raj1510, 2 years, 3 months ago
aselunar, 2 years, 11 months ago
NeilKK, 3 years, 9 months ago
Stanislav_crisc, 3 years, 10 months ago
Stanislav_crisc, 3 years, 10 months ago