Isaca Certified in Risk and Information Systems Control CRISC Question # 535 Topic 54 Discussion

CRISC Exam Topic 54 Question 535 Discussion:

Question #: 535

Topic #: 54

A risk practitioner observes that the fraud detection controls in an online payment system do not perform as expected. Which of the following will MOST likely change as a result?

Impact

Residual risk

Inherent risk

Risk appetite

Get Premium CRISC Questions

Explanation

Residual risk is the amount of risk that remains after the implementation of risk mitigation controls. If the fraud detection controls in an online payment system do not perform as expected, the residual risk will most likely change as a result, because the controls will not be able toreduce the impact or likelihood of the fraud risk as intended. The residual risk may increase or decrease depending on the performance of the controls, and the risk practitioner may need to adjust the risk response strategy accordingly. The other options are not as likely to change as the residual risk, because they are not directly affected by the performance of the controls, but rather depend on other factors, such as the source of the risk, the organization’s objectives, or the external environment, as explained below:

A. Impact is the extent or magnitude of the harm or loss caused by a risk. The impact of the fraud risk in an online payment system may not change as a result of the controls’ performance, becausethe impact is determined by the potential consequences of the fraud, such as financial losses, reputational damage, or legal liabilities, which are independent of the controls.

C. Inherent risk is the amount of risk that exists before the implementation of any risk mitigation controls. The inherent risk of the fraud risk in an online payment system may not change as a result of the controls’ performance, because the inherent risk is determined by the nature and characteristics of the risk, such as the type, source, or frequency of the fraud, which are independent of the controls.

D. Risk appetite is the amount and type of risk that an organization is willing to accept in pursuit of its objectives. The risk appetite of the organization may not change as a result of the controls’ performance, because the risk appetite is determined by the organization’s strategy, culture, and values, which are independent of the controls. References = Risk and Information Systems Control Study Manual, Chapter 2, Section 2.1.1, page 32. What is Residual Risk? Definition, Examples, and More, Residual Risk: Definition, Formula & Management - Video & Lesson Transcript | Study.com, Residual Risk: What It Is and How to Manage It

Actual exam question for Isaca CRISC exam by Storm35900 at Jun 5, 2026, 11:00:08 PM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Isaca Certified in Risk and Information Systems Control CRISC Question # 535 Topic 54 Discussion

Isaca Certified in Risk and Information Systems Control CRISC Question # 535 Topic 54 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Isaca Certified in Risk and Information Systems Control CRISC Question # 535 Topic 54 Discussion

Isaca Certified in Risk and Information Systems Control CRISC Question # 535 Topic 54 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval