During a risk assessment, a risk practitioner learns that an IT risk factor is adequately mitigated by compensating controls in an associated business process. Which of the following would enable the MOST effective management of the residual risk?
A.
Recommend additional IT controls to further reduce residual risk.
B.
Request that ownership of the compensating controls is reassigned to IT.
C.
Schedule periodic reviews of the compensating controls' effectiveness.
D.
Report the use of compensating controls to senior management.
This section is not available anymore. Please use the main Exam Page.CRISC Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
CbtL
8 months, 2 weeks ago