Question 8
Domain 3 — Risk Response and Reporting
What is the purpose of risk response performance metrics?
Correct answer: B
Explanation
Risk response performance metrics are used to evaluate whether risk treatments are working as intended. They measure the "effectiveness of risk treatment activities" by showing if responses reduce risk to an acceptable level and support ongoing monitoring and improvement.
Why each option is right or wrong
A. To eliminate all risks
B. To measure the effectiveness of risk treatment activities
Risk response performance metrics are part of the risk monitoring and review process in ISO 31000:2018, Clause 6.6, where performance indicators are used to assess whether treatment actions are achieving the intended risk reduction. In practice, they provide measurable evidence that the selected controls are operating as planned and that residual risk is being driven toward the target level, rather than simply documenting that actions were taken.
C. To increase risk appetite
D. To avoid risk assessment