Easy · 1 mark · Multiple Choice
CPA · Question 64 · Area I: Information Systems
Which of the following is a 'Risk Response' strategy where the organization decides to stop the activity that causes the risk?
Answer options:
A. Risk Acceptance
B. Risk Avoidance
C. Risk Mitigation / Reduction
D. Risk Sharing / Transfer
How to approach this question
Avoid = Stop. Mitigate = Fix. Transfer = Insure. Accept = Live with it.
Full Answer
B. Risk Avoidance ✓ Correct
Risk Avoidance involves exiting the activity that generates the risk. For example, if a legacy system is too insecure to patch, decommissioning it is avoidance.
Common mistakes
Confusing Avoidance (stopping) with Mitigation (fixing).