Certified Governance Risk and Compliance (CGRC) Practice Exam 2025 - Free CGRC Practice Questions and Study Guide

The technique used to shift the impact of a threat to a third party is correctly identified as risk transference. This approach involves transferring the responsibility and the financial consequences of a risk to another party, such as through insurance, outsourcing, or contractual agreements.

For example, a company may decide to purchase insurance to cover potential losses from certain risks, effectively shifting the financial burden to the insurance provider. This allows the organization to reduce their direct liability and ensures that the impact of certain adverse events is borne by another party, which is central to the concept of risk transference.

Other techniques are based on different strategies for managing risks. Risk acceptance means acknowledging the risk and deciding not to take any action, remaining fully responsible for any consequences. Risk avoidance seeks to completely eliminate the risk by changing plans or processes to prevent it from occurring. Risk mitigation focuses on reducing the likelihood or impact of the risk through proactive measures. Each of these methods serves different purposes in a risk management strategy, but only risk transference involves shifting the impact to another entity.