According to the CRISC Review Manual (Digital Version), an effective control environment is best indicated by controls that manage risk within the organization’s risk appetite, as this reflects the alignment of thecontrol objectives and activities with the organization’s strategic goals and risk preferences. The risk appetite is the amount and type of risk that the organization is willing to accept in pursuit of its objectives. Managing risk within the organization’s risk appetite helps to:
Balance the potential benefits and costs of risk-taking and risk response
Optimize the use of the organization’s resources and capabilities
Enhance the value and performance of the organization
Foster a risk-aware culture that supports the organization’s vision and mission
References = CRISC Review Manual (Digital Version), Chapter 2: IT Risk Assessment, Section 2.3: IT Risk Assessment Process, pp. 93-941
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit