Q: 3
Which of the following would be MOST useful to senior management when determining an
appropriate risk response?
Options
Discussion
Option A
A. Management needs to know if current risk is over or under tolerance to make the right response call. C is tempting but that's more about measuring control effectiveness, not picking a response. Agree?
It's A since you need to see if current risk is within the tolerance management set up. That tells them if action is required or if they're safe. C helps with evaluating controls but not with picking a response. I think A fits best here, but maybe I’m missing something?
A tbh, since senior management has to know if current risk is within the risk tolerance they've already set. That comparison tells them if action is needed or not. C sounds close but it's more about checking control effectiveness, not about deciding a response. Seen similar in CRISC prep and A is what they look for. Anyone see a scenario where C would edge it out?
Official CRISC guide and ISACA's practice tests have similar scenarios, but I think C could fit too depending on how it's worded.
A, saw similar in exam reports. Senior management needs risk vs tolerance to make decisions.
B, I always see cost variance mentioned in risk response stuff on ISACA practice but maybe I'm overthinking it. Feels like showing the financial impact vs planned strategies could help execs decide? Not totally sure though.
It's A. Official CRISC guide and some ISACA practice sets explain why risk vs tolerance is what management looks for most when picking a response.
Honestly, A makes sense unless senior management hasn't actually defined their risk tolerance. In that rare edge case, the comparison wouldn't help them much until those limits are set. But for normal scenarios, you need to know where current risk stands vs the acceptable range; otherwise execs can’t pick a proper response. I’m pretty sure A is right, but open to counterpoints.
I think A. If the established tolerance isn't part of the comparison, management can't gauge if they're within risk appetite, which flips the answer in scenarios where policy limits aren't set.