Risk acceptance means choosing not to take immediate action to mitigate the risk, making it the lowest-cost approach in the short term.
Risk Acceptance (Correct Answer – B)
The organization acknowledges the risk and decides to accept it without implementing additional controls.
Example: A small company accepts the risk of not segregating financial duties due to limited staff.
Risk Mitigation (Incorrect – A)
Requires implementing controls, which incur costs.
Risk Transference (Incorrect – C)
Involves outsourcing risk (e.g., buying insurance), which has financial costs.
Risk Reduction (Incorrect – D)
Involves applying security controls, leading to additional costs.
[References: ISACA CISA Review Manual, ISO 31000 (Risk Management Framework)]