Ace the 2025 Certified Governance Risk & Compliance (CGRC) Challenge – Navigate the Governance Maze with Confidence!

The chosen response strategy is contingent response strategy because it involves taking action based on the specific circumstances that arise, in this case, the vendor being late by more than ten days. A contingent response strategy is designed to address risks that materialize, often with a plan to respond reactively to a predefined threshold of risk or event occurrence.

In this scenario, the decision to hire a more expensive company serves as a direct response to the situation at hand—specifically, the delay caused by the original vendor. This type of strategy recognizes that unforeseen events can impact project timelines and requires a quick reassessment of available options to mitigate the negative consequences of the delay.

Other approaches mentioned, such as expert judgment or internal risk management strategies, typically focus on either assessing risks and benefits through informed opinions or managing risks through established internal processes without necessarily reacting to an unforeseen circumstance like a vendor delay. Similarly, an external risk response involves addressing risks from an external viewpoint but may not specifically indicate an action taken in reaction to a vendor's tardiness. Therefore, the contingent response strategy accurately represents the proactive decision-making context stemming from the vendor's failure to deliver as scheduled.