Which of the following is a 'Risk Response' strategy where the organization decides to stop the activity that causes the risk?

Answer options:

Risk Acceptance

Risk Avoidance

Risk Mitigation / Reduction

Risk Sharing / Transfer

How to approach this question

Avoid = Stop. Mitigate = Fix. Transfer = Insure. Accept = Live with it.

Full Answer

B.Risk Avoidance✓ Correct

Risk Avoidance involves exiting the activity that generates the risk. For example, if a legacy system is too insecure to patch, decommissioning it is avoidance.

Common mistakes

Confusing Avoidance (stopping) with Mitigation (fixing).

Question 63 All questions Question 65

Practice the full CPA ISC Practice Exam

82 questions · hints · full answers · grading

More questions from this exam

Q01A CPA is performing a risk assessment for a client that uses a public cloud provider for its core...Hard Q02During a walkthrough of a client's change management process, the auditor notes that developers h...Hard Q03A service organization provides a real-time transaction processing platform. The service level ag...Hard Q04An auditor is reviewing a SQL query used by the finance team to generate a report of all sales tr...Hard Q05A healthcare clearinghouse is preparing for a SOC 2® engagement. They utilize a private cloud dep...Hard

View all 82 questions →