An organization determines that the cost of implementing controls to address a specific low-impact risk exceeds the potential loss, so management decides to do nothing further and simply budget for any possible consequences. Which risk response strategy is the organization employing?
The organization is choosing risk acceptance: it consciously retains the risk and any associated impact rather than investing in mitigation or shifting liability.
Risk acceptance: The organization acknowledges the risk and its potential impact but takes no additional action beyond monitoring or budgeting for a loss.
Risk transference: Liability is shifted to a third party (for example, via insurance or outsourcing).
Risk mitigation: Controls are implemented to reduce either the likelihood or impact of the risk.
Risk avoidance: The risky activity is eliminated altogether to remove the exposure.
Because the scenario states that management will simply absorb any consequences, it clearly aligns with risk acceptance.