When a risk cannot be sufficiently mitigated through manual or automatic controls, which of the
following options will BEST protect the enterprise from the potential financial impact of the risk?
A.
Updating the IT risk registry
B.
Insuring against the risk
C.
Outsourcing the related business process to a third party
D.
Improving staff-training in the risk area
Explanation:
An insurance policy can compensate the enterprise up to 100% by transferring the risk to another
company. Hence in this stem risk is being transferred.
Answer A is incorrect. Updating the risk registry (with lower values for impact and probability) will
not actually change the risk, only management’s perception of it.
Answer D is incorrect. Staff capacity to detect or mitigate the risk may potentially reduce the
financial impact, but insurance allows for the risk to be mitigated up to 100%.
Answer C is incorrect. Outsourcing the process containing the risk does not necessarily remove orchange the risk. While on other hand, insurance will completely remove the risk.