Why not B. ensure that risk is mitigated by the control? I implement controls to make sure that risks are mitigated. I test the controls to ensure they're doing what they're supposed to do.
I disagree with D. measure efficiency of the control process. I don't test the control to ensure efficiency of the control process. Makes no sense.
B. ensure that risk is mitigated by the control
The PRIMARY objective of testing the effectiveness of a new control before implementation is to "B. ensure that risk is mitigated by the control." Testing the control before full implementation helps verify that the control is capable of effectively mitigating the identified risk. It ensures that the control is designed and configured correctly to address the specific risk it is intended to manage.
B. ensure that risk is mitigated by the control
The primary objective of testing a control before implementation is to ensure that the control effectively mitigates the risk it is designed to address. By testing the control, the organization can confirm that it works as intended and that it effectively reduces the risk to an acceptable level.
Option A, "comply with the organization's policy", could be a secondary reason but is not the primary objective.
Option C, "confirm control alignment with business objectives", and option D, "measure efficiency of the control process", are benefits of testing, but the primary reason is to ensure that the risk is being effectively mitigated by the control.
The main objective of applying controls is to reduce the risk to an acceptable level, i.e., the control works as intended to mitigate the risk. Otherwise, the control will be ineffective.
Testing control effectiveness involves assessing the control's ability to mitigate risks, but it also includes verifying that the control is reliable, efficient, and cost-effective.
A very basic concept of CRISC is knowing that the objective of testing the effectiveness of a control is to ensure that it mitigates the risk for which it is designed.
Why not C? The question's emphasis is on "before implementation". Controls yet to be implemented can only be assessed to confirm alignment with business objectives.
In the 5th edition review questions and answers, R3-102:
The best way to ensure that an information systems control is appropriate and effective is to verify that the:
A. Control is operating as designed
B. Risk associated with the control is being mitigated
C. Control has not been bypassed
D. Control logs are reviewed frequently
Answer is B. A control is designed to mitigate or reduce a risk ...
Answer should be B
Controls are implemented to mitigate risk. If controls are not addressing that, there is no use in implementing the control. I will go with B.