ISACA Exam Questions

Acceptable risk is achieved when:

Acceptable risk is achieved when:

residual risk is minimized.

transferred risk is minimized.

control risk is minimized.

inherent risk is minimized.


Residual risk is the risk that remains after putting into place an effective risk management
program; therefore, acceptable risk is achieved when this amount is minimized. Transferred risk is
risk that has been assumed by a third party and may not necessarily be equal to the minimal form
of residual risk. Control risk is the risk that controls may not prevent/detect an incident with a
measure of control effectiveness. Inherent risk cannot be minimized.