Ace the 2025 Certified Governance Risk & Compliance (CGRC) Challenge – Navigate the Governance Maze with Confidence!

The chosen response strategy is a contingent response strategy. This approach is applicable when organizations anticipate potential risks and prepare alternative actions to address them if those risks materialize. In this case, the vendor's late delivery posed a risk to the timely fulfillment of orders. By hiring a different company to ensure that orders are completed on time, the organization is employing a predetermined backup solution to manage the impact of the risk.

A contingent response strategy is particularly effective in situations where dependencies on third parties exist, such as suppliers or vendors. It allows businesses to remain agile and minimize disruptions by quickly pivoting to alternative solutions when the original plan fails. This proactive mindset helps maintain operational effectiveness and mitigate potential losses due to unforeseen delays or failures.

In contrast, mitigation involves implementing measures to reduce the likelihood or impact of a risk rather than relying on alternate options after a risk has occurred. Risk acceptance refers to acknowledging a risk without taking any immediate action, which is not the case here since the organization actively sought an alternative. An internal risk strategy would focus on internal controls or processes rather than addressing external vendor issues. Thus, the contingent response strategy best captures the essence of this scenario.