Primary Goal of Risk Management Program

B.

The primary goal of a risk management program is to manage the business impact of inherent risks (answer B).

Risk management is a process of identifying, assessing, and prioritizing risks, followed by coordinated and cost-effective application of resources to minimize, monitor, and control the probability or impact of those risks. The ultimate objective of a risk management program is to manage the impact of risks on an organization's business objectives.

Preventive controls (answer A) are an essential part of a risk management program, but they are not the primary goal. Preventive controls aim to stop or minimize the occurrence of a risk. They are measures taken to avoid or reduce the likelihood of a risk materializing. Preventive controls may include security policies, procedures, training, and technologies.

Managing compliance with organizational policies (answer C) is also important, but it is not the primary goal of risk management. Compliance management involves ensuring that an organization follows relevant regulations, standards, and policies. Compliance management is a part of risk management, but it is not the primary goal.

Reducing the organization's risk appetite (answer D) is not the primary goal of risk management either. Risk appetite refers to an organization's willingness to take risks to achieve its objectives. A risk management program aims to help the organization manage risks within its risk appetite, not to reduce it.

Therefore, the correct answer is B, managing the business impact of inherent risks. A risk management program aims to identify, assess, and manage risks to minimize their impact on an organization's business objectives. It involves implementing preventive controls, managing compliance, and ensuring that risks are managed within the organization's risk appetite.