Certified Governance Risk and Compliance (CGRC) Practice Exam 2025 - Free CGRC Practice Questions and Study Guide

The chosen response of risk mitigation is appropriate as it involves taking proactive measures to reduce the likelihood or impact of a risk associated with the supplier. Management might require Harry to implement specific strategies such as improving supplier selection processes, increasing monitoring of supplier performance, or establishing contingency plans to deal with potential supply chain disruptions.

Mitigation is particularly valuable because it seeks to diminish potential negative effects on the organization, resulting in a more resilient operation. For example, if a supplier poses risks related to quality, Harry could implement more stringent quality assessments or supplier audit procedures to reduce that risk.

Other risk responses, such as acceptance, transference, or avoidance, have distinct implications. Acceptance would imply that management acknowledges the risk and decides to tolerate it without action, which isn’t a proactive approach. Transference typically involves shifting the risk to another party, such as outsourcing, which may not align with management’s immediate directive. Avoidance means eliminating the risk by not engaging with the supplier at all, which might not be feasible if the supplier is critical to operations. Hence, implementing risk mitigation measures aligns most closely with actively managing and minimizing risks while maintaining necessary supplier relationships.