You are the risk professional in Bluewell Inc. A risk is identified and enterprise wants to quickly implement control by applying technical solution that deviates from the company`s policies. What you should do? 

Answer options:

A. Recommend against implementation because it violates the company`s policies
B. Recommend revision of the current policy
C. Recommend a risk assessment and subsequent implementation only if residual risk is accepted
D. Conduct a risk assessment and allow or disallow based on the outcome

C

If it is necessary to quickly implement control by applying technical solution that deviates from the company`s policies, then risk assessment should be conducted to clarify the risk. It is up to the management to accept the risk or to mitigate it. Incorrect Answers: A: As in this case it is important to mitigate the risk, hence risk professional should once recommend a risk assessment. Though the decision for the conduction of risk assessment in case of violation of company`s policy, is taken by management. B: The recommendation to revise the current policy should not be triggered by a single request. D: Risk professional can only recommend the risk assessment if the company`s policies is violating, but it can only be conducted when the management allows.