A risk management program would be expected to:

A risk management program would be expected to:

A risk management program would be expected to:

A.
remove all inherent risk.

B.
maintain residual risk at an acceptable level.

C.
implement preventive controls for every threat.

D.
reduce control risk to zero.

Explanation:
The object of risk management is to ensure that all residual risk is maintained at a level acceptable to the business; it is not intended to remove every identified risk or implement controls for every threat since this may not be cost-effective. Control risk, i.e., that a control may not be effective, is a component of the program but is unlikely to be reduced to zero.



Leave a Reply 1

Your email address will not be published. Required fields are marked *


mr_tienvu

mr_tienvu

I choose B