Previously accepted risk should be:
Click on the arrows to vote for the correct answer
A. B. C. D.A.
Acceptance of risk should be regularly reviewed to ensure that the rationale for the initial risk acceptance is still valid within the current business context.
The rationale for initial risk acceptance may no longer be valid due to change(s) and.
hence, risk cannot be accepted permanently.
Risk is an inherent part of business and it is impractical and costly to eliminate all risk.
Even risks that have been accepted should be monitored for changing conditions that could alter the original decision.
The correct answer is A. re-assessed periodically since the risk can be escalated to an unacceptable level due to revised conditions.
Explanation:
Risk management is an ongoing process, and risks that were previously accepted can change due to changing circumstances such as changes in the environment, technology, and business processes. Risks that were acceptable earlier may no longer be acceptable, and therefore, previously accepted risks should be periodically re-assessed to ensure that they are still within acceptable levels.
For example, a risk that was previously assessed as low may now have increased due to changes in the business environment, such as an increase in the number of cyber-attacks, or due to the introduction of new technologies that could expose the organization to new vulnerabilities. Therefore, it is necessary to periodically review previously accepted risks to ensure that they are still acceptable.
Option B is incorrect because it assumes that risks do not change over time, which is not true. Accepting a risk permanently without periodic review could lead to complacency, and the organization may miss out on the opportunity to mitigate or avoid the risk altogether.
Option C is incorrect because avoiding risks is not always the best option for the organization. Risk avoidance could lead to missed opportunities and may not be feasible in some cases.
Option D is incorrect because accepting a risk does not mean that it should be removed from the risk log. The risk log should be regularly updated to reflect changes in the risk environment and to ensure that risks are adequately managed.