Which term describes the risk level before management actions such as controls are applied?

Prepare for the ISACA IT Risk Fundamentals Test. Find flashcards and multiple choice questions, complete with hints and explanations. Ace your exam with confidence!

Multiple Choice

Which term describes the risk level before management actions such as controls are applied?

Explanation:
Inherent risk is the level of risk that exists before any controls are applied. It represents the baseline risk present due to the environment, processes, and inherent vulnerabilities, assuming no safeguards are in place. Think of it as the potential for adverse impact if threats exploit weaknesses without any mitigation. After controls are added, the remaining risk is called residual risk, not inherent risk. For example, a system with weak encryption has high inherent risk, but adding strong encryption reduces the residual risk while not eliminating it entirely.

