Open the app Sign in Start free

CRISC - Governance - Section 1.9

Define risk appetite and risk tolerance and use them to guide risk decisions.

Distinguish risk appetite, risk tolerance, and risk capacity, and explain how each concept sets a different boundary on acceptable risk-taking. Use defined thresholds to evaluate whether a proposed action is within tolerance or requires escalation to a governance body.

Risk appetiteRisk toleranceRisk capacityThresholds

More in this domain

Align the IT risk management approach with the organisation's strategy, goals and objectives.Section 1.1
Define organisational structures, roles and responsibilities that support effective risk governance.Section 1.2
Assess how organisational culture influences risk-aware decision-making and behaviour.Section 1.3
Evaluate policies and standards as the instruments that translate governance intent into operational control.Section 1.4
Identify legal, regulatory and contractual requirements that shape the IT risk programme.Section 1.5
Incorporate business process resilience and continuity considerations into organisational governance.Section 1.6
Apply enterprise risk management concepts and a risk management framework to govern IT risk.Section 1.7
Establish lines of defence that separate risk ownership, oversight and independent assurance.Section 1.8
Maintain an enterprise risk profile and apply professional ethics in the conduct of risk management.Section 1.10

Back to all Governance objectives, or the CRISC cert hub.

Examworthy is not affiliated with or endorsed by ISACA. Original, blueprint-aligned practice material only.