Exam CRISC topic 1 question 111 discussion

Actual exam question from Isaca's CRISC
Question #: 111
Topic #: 1

You are the risk official of your enterprise. You have just completed the risk analysis process. You noticed that the risk level associated with your project is less than the risk tolerance level of your enterprise. Which of the following is the MOST likely action you should take?

  • A. Apply risk response
  • B. Update risk register
  • C. No action
  • D. Prioritize risk response options
Suggested Answer: C
When the risk level is less than the risk tolerance level of the enterprise, no action is taken against it, because the cost of mitigation would outweigh its benefits.
Incorrect Answers:
A: This is not a valid answer, as no response is being applied to such a low risk level.
B: The risk register is updated after applying a response; as no response is applied to such a low risk level, no updating is done.
D: This is not a valid answer, as no response is being applied to such a low risk level.

Comments

Anon530
Highly Voted 3 years, 1 month ago
The answer is wrong. When the risk is lower than the tolerance level, you don't take "no action." "Take no action" is not a risk response. The action you are taking is risk acceptance. But risk acceptance is not one of the possible answers. The next step after that would be to enter the risk into the risk register so that it could periodically be evaluated. What is a "low risk" today may become a "high risk" later due to changing landscape (threats). So the best answer for this question is update the risk register.
upvoted 18 times
...
abc123abc
Most Recent 2 years, 5 months ago
In my opinion the answer must be "Apply Risk Response" because the risk level is lower than the threshold and it must be accepted. And Acceptance (as a risk response choice) must be the correct response. So by choosing acceptance, the correct answer must be apply risk response. However, some other sources said that the answer should be "updating risk register".
upvoted 1 times
...
[Removed]
3 years ago
The answer is correct. It is not a specific risk but rather the risk level of the project, which is within Enterprise tolerance. No Action implies accept.
upvoted 2 times
...
Shaws1
3 years, 1 month ago
The risk register is the answer.
upvoted 2 times
...
Rooks
3 years, 6 months ago
Even if no action is needed, shouldn't it be registered in the risk register?
upvoted 4 times
JohnnyBravo79
3 years, 3 months ago
Unless this Risk is already in the risk register... the question is worded poorly to me...
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other