A change in technology, regulation, business process, functionality, architecture, or user variables that affects the enterprise risk level is described as which risk?

Change risk is the risk that emerges when technology, regulation, business processes, functionality, architecture, or user variables change, and those changes alter the level of enterprise risk. When any of these aspects shifts, new threats can appear, existing controls may become less effective, compliance requirements can change, and the potential impact of incidents can increase or decrease. This framing directly matches the idea that risk level changes due to modifications in multiple parts of the organization.

Audits are evaluations of controls and processes, not a risk category. Environmental risk refers to external conditions that can affect operations, not the internal risk level caused by changes. Consequence is the potential impact of a risk event, not the risk that arises from changes themselves.