
CRISC Exam - Question 258


An organization has outsourced its lease payment process to a service provider who lacks evidence of compliance with a necessary regulatory standard. Which risk treatment was adopted by the organization?

Correct Answer: A

The organization has outsourced its lease payment process to a service provider who lacks evidence of compliance with a necessary regulatory standard, implying they are aware of the risk involved. By proceeding with this service provider despite the compliance risk, the organization has chosen to retain the risk without taking any steps to mitigate, transfer, or avoid it. This decision aligns with the concept of risk acceptance, which involves acknowledging a risk and deciding to accept the potential consequences without further action.

Discussion

14 comments
Raj1510
Jul 16, 2022

Outsourcing is risk transfer, but accountability is still with the organization. Outsourcing to a service provider who lacks evidence of compliance with a necessary regulatory standard is risk acceptance. So will go with A.

john_boogieman
Option: A
Aug 8, 2023

If the contracting of the process was carried out knowing that the supplier was not compliant, then the risk was accepted.

mclaiborne
Oct 22, 2021

I think the key here is that they've already outsourced, knowing the vendor they outsourced to was lacking in that area - so they "accepted" that risk.

AMIRA1986
Oct 16, 2021

Transfer or mitigation

Josh93
Oct 18, 2021

should be transfer

Ceecil1959
Oct 30, 2022

Accepting the risk is doing nothing about it. Accepting the consequences of the outcome in case it happens. So how can it be acceptance when it was transferred to an outside vendor?

cybervds
Jul 9, 2023

The consequences of the risk remain with the company. Risk transfer implies insurance/hold-harmless/indemnity agreement whereby the actual financial consequence of the risk is transferred to the indemnitor.

Annyp
May 11, 2023

Outsourcing is putting some control implies Mitigation. Risk transfer means transferring impact like insurance. So the correct answer is C.

groz
Dec 1, 2023

def not correct

Boubou480
Option: A
Jul 3, 2023

Accepting the risk is doing nothing about it.

cybervds
Option: A
Jul 9, 2023

The consequences of the risk remain with the company. Risk transfer implies insurance/hold-harmless/indemnity agreement whereby the actual financial consequence of the risk is transferred to the indemnitor.

Anonymous
Oct 10, 2023

A is correct because they outsourced its lease payment process to a service provider who lacks evidence of compliance with a necessary regulatory standard. So they accepted the risk.

01010100
Option: B
Feb 7, 2024

B. Transfer. When an organization outsources a process (or function) to a third-party provider, it is transferring the responsibility of managing that process (and some of the associated risks) to that provider. However, it's essential to note that while some operational responsibilities might be transferred, the organization typically retains ultimate accountability for regulatory compliance.

Staanlee
Option: C
Feb 25, 2024

The correct answer is C. Mitigation. In risk management, "mitigation" involves taking actions to reduce the impact or likelihood of a risk. In this scenario, the organization has outsourced its lease payment process to a service provider who lacks evidence of compliance with a necessary regulatory standard. By adopting a mitigation approach, the organization might take steps to work with the service provider to ensure they meet the necessary regulatory standard, provide evidence of compliance, and thereby reduce the risk associated with the situation.

eblue
Option: B
Mar 1, 2024

When an organization outsources a process to a service provider who lacks evidence of compliance with a necessary regulatory standard, the organization is exposed to a significant risk. In this case, the organization must adopt a risk treatment strategy to mitigate the risk.

Joloms
Dec 7, 2024

The risk treatment adopted by the organization in this scenario is risk acceptance. By outsourcing the lease payment process to a service provider who lacks evidence of compliance with a necessary regulatory standard, the organization has effectively chosen to accept the risk associated with potential non-compliance. Risk acceptance involves acknowledging the risk and deciding to retain it without taking any immediate action to mitigate, transfer, or avoid it. In this case, the organization is aware of the risk (the service provider's lack of compliance evidence) but has proceeded with the outsourcing arrangement, implying that they have accepted the potential consequences that may arise from this decision.