Exam CRISC topic 1 question 672 discussion

Actual exam question from Isaca's CRISC
Question #: 672
Topic #: 1

An IT risk practitioner has determined that mitigation activities differ from an approved risk action plan. Which of the following is the risk practitioner's BEST course of action?

  • A. Revert the implemented mitigation measures until approval is obtained.
  • B. Validate the adequacy of the implemented risk mitigation measures.
  • C. Report the observation to the chief risk officer (CRO).
  • D. Update the risk register with the implemented risk mitigation actions.
Suggested Answer: B

Comments

eblue
10 months, 3 weeks ago
Selected Answer: C
C. Report the observation to the chief risk officer (CRO). This is the risk practitioner’s BEST course of action because it is the responsibility of the risk practitioner to communicate any deviations from the approved risk action plan to the appropriate authority, such as the CRO, who can then decide on the next steps.
upvoted 1 times
...
CbtL
1 year, 3 months ago
Selected Answer: B
This is where real life gets in the way of test taking. If you do not investigate the chosen solution first, when you go to the CRO all they are going to do is start asking questions you cannot answer. Agreeing it is B for this one.
upvoted 1 times
...
Koulyo
1 year, 3 months ago
Selected Answer: B
Normal course of action would be to investigate why and if the validation works, then report to CRO. If you report to the CRO right away, the CRO would need to know why?
upvoted 2 times
...
Julianleehk
1 year, 5 months ago
Should be C
upvoted 2 times
Julianleehk
1 year, 3 months ago
Maybe it is A
upvoted 1 times
...
...
john_boogieman
1 year, 5 months ago
Selected Answer: C
It is not about whether or not the measures are adequate, but about knowing why they have changed, and that is something that requires elevation.
upvoted 1 times
...
SkipC
1 year, 8 months ago
Why C??? Report to the CRO? That’s extreme for the first step. I think you should validate to see if the plan worked. B. Validate the adequacy of the implemented risk mitigation measures.
upvoted 4 times
...
Rooks
3 years, 11 months ago
Shouldn’t it be reported if the proper approved action plan was not followed and the answer should be C?
upvoted 3 times
satyrdaniel
3 years ago
Yes, it should be C.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other