Which among the following acts as a trigger for risk response process?
A.
Risk level increases above risk appetite
B.
Risk level increase above risk tolerance
C.
Risk level equates risk appetite
D.
Risk level equates the risk tolerance
Explanation:
The risk response process is triggered when a risk exceeds the enterprise’s risk tolerance level.
The acceptable variation relative to the achievement of an objective is termed as risk tolerance. In
other words, risk tolerance is the acceptable deviation from the level set by the risk appetite and
business objectives.
Risk tolerance is defined at the enterprise level by the board and clearly communicated to all
stakeholders. A process should be in place to review and approve any exceptions to such
standards.
process. Risk appetite is the amount of risk a company or other entity is willing to accept in pursuit
of its mission. This is the responsibility of the board to decide risk appetite of an enterprise. When
considering the risk appetite levels for the enterprise, the followingtwo major factors should betaken into account:
The enterprise’s objective capacity to absorb loss, e.g., financial loss, reputation damage, etc.
The culture towards risk taking-cautious or aggressive. In other words, the amount of loss the
enterprise wants to accept in pursue of its objective fulfillment.
Answer D is incorrect. Risk response process is triggered when the risk level increases the risk
tolerance level of the enterprise, and not when it just equates the risk tolerance level.