Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam CRISC topic 1 question 869 discussion

Actual exam question from Isaca's CRISC
Question #: 869
Topic #: 1
[All CRISC Questions]

Which of the following should be the MOST important consideration for senior management when developing a risk response strategy?

  • A. Risk appetite
  • B. Cost of controls
  • C. Risk tolerance
  • D. Probability definition
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Staanlee
6 months, 2 weeks ago
Selected Answer: A
A. Risk appetite The MOST important consideration for senior management when developing a risk response strategy should be the organization's risk appetite. Risk appetite defines the level of risk that an organization is willing to accept or tolerate in pursuit of its objectives. It sets the boundaries for risk-taking and guides decision-making regarding which risks to accept, mitigate, transfer, or avoid. Senior management needs to align the risk response strategy with the organization's risk appetite to ensure that risk-taking is consistent with its overall goals and values. The risk response strategy should be designed to keep risk exposures within acceptable limits defined by the risk appetite.
upvoted 1 times
...
mynk29
10 months, 1 week ago
A risk response strategy could mean one of the four responses- accept, transfer, avoid and mitigate. The response strategy is based on appetite and tolerance. Tolerance is only used in exceptional circumstances.. So appetite seems okay but i must say i dont think tolerance is wrong too.
upvoted 1 times
...
CbtL
11 months, 2 weeks ago
Selected Answer: A
Going with A. You first make decisions based on risk appetite. Then select options based on cost of control.
upvoted 1 times
...
john_boogieman
1 year, 1 month ago
Selected Answer: A
Risk acceptance should not exceed risk appetite and response actions should be MAINLY aimed at maintaining the level without exceeding it. (7th CRISC manual, 'Risk appetite, tolerance and capacity' section).
upvoted 2 times
mynk29
10 months, 1 week ago
ummm... Risk acceptance should not exceed tolerance.
upvoted 1 times
...
...
Kozy
1 year, 6 months ago
I believe a risk response strategy primarily should be based on the risk appetite (which is the ultimate goal to be at level or under). Once risk appetite is considered you can start developing your strategy.
upvoted 4 times
...
Raj1510
2 years, 2 months ago
Risk Response brings risk in line with enterprise's defined risk appetite and tolerance as cost-effectively as possible, not to eliminate or minimize the risk at all costs. All response activities incur some cost, typically a mix of the direct cost of response and the potential cost of impact. Finding right balance is a management function. I think B is right
upvoted 1 times
Ceecil1959
1 year, 11 months ago
Definitely not B. Cost is taken into account only when mitigating and control development. The question is about Risk strategy, not Risk response implementation. Risk Tolerance is correct.
upvoted 1 times
...
...
Stefan07
2 years, 10 months ago
The answer is B - The question states what must be considered when developing risk response strategies?? I believe cost of control must not exceed the risk we are trying to mitigate.
upvoted 3 times
...
Odenkyem
2 years, 11 months ago
Risk tolerance are developed based on the risks appetite. The risk appetite is also the foundation for risk capacity . So management must look , on a broad scale , what risk will be accepted and still operate smoothly without any interruption(appetite) as the basis for any response strategy.
upvoted 2 times
...
Josh93
2 years, 11 months ago
I would think it would be A.
upvoted 3 times
...
Abhaythemagician
2 years, 11 months ago
There is a diff....one has Senior management.
upvoted 1 times
...
Tomm8125
2 years, 11 months ago
IN keeping with the following question where the answer is A. I suggest the answer should also be risk tolerance Which of the following would be MOST useful to senior management when determining an appropriate risk response? A. A comparison of current risk levels with established tolerance B. A comparison of cost variance with defined response strategies C. A comparison of accepted risk scenarios associated with regulatory compliance D. A comparison of current risk levels with estimated inherent risk levels
upvoted 2 times
Ceecil1959
2 years ago
[Determining the response] is different from the question asked about which is most important to Sr. mgmt when [developing] a risk response [strategy].
upvoted 2 times
...
...
Ramye
2 years, 11 months ago
Should the answer be B - Cost of Controls The similar type question has answer Cost of Controls Question #662Topic 1 Which of the following should be the HIGHEST priority when developing a risk response? • A. The risk response is accounted for in the budget. • B. The risk response aligns with the organization's risk appetite. • C. The risk response is based on a cost-benefit analysis. • D. The risk response addresses the risk with a holistic view. Correct Answer: C
upvoted 4 times
MusMus
2 years, 2 months ago
It makes sense it would be C in this question 662 Business Impact, takes in consideration multiple factors, most important of which is the loss expectancy vs cost of control. in our case, cost of control is not the only thing we should look at but also the risk posed. since there's no mention of CBA, the second best thing is answer A: Risk Apetite, For those who say risk tolerance? just think twice about it
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...