Step 1: Role of a Risk Function
A Risk Function ensures that an organization follows best practices in risk governance, assessment,
and control implementation.
It should be aligned with the board’s risk strategy and ensure independent oversight.
Step 2: Why Option B is Correct
The board sets the overall risk strategy, and the risk function implements risk controls accordingly.
PRMIA emphasizes board oversight as the guiding force behind risk management.
Step 3: Why the Other Options Are Incorrect
Option A ("Implement management’s direction") → Incorrect because risk oversight should be
board-driven, not solely management-driven.
Option C ("Ensure opinions are listened to") → Incorrect because risk functions enforce policies
rather than just share opinions.
Option D ("Lower risk-taking to zero") → Incorrect because risk-taking is necessary for growth;
excessive risk aversion harms business.
PRMIA Risk Reference Used:
PRMIA Risk Governance Framework – Highlights board oversight in risk management.
Basel III Risk Management Standards – Emphasizes board-driven risk controls.
Final Conclusion:
The Risk Function must follow the board’s direction in implementing risk controls, making Option B
the correct answer.