Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
An IT risk practitioner has been asked to regularly report on the overall status and effectiveness of the IT risk management program. Which of the following is MOST useful for this purpose?
A. Capability maturity level
The Capability Maturity Model (often used in its Integrated form, CMMI) provides a structured approach for assessing and improving processes within an organization. By evaluating the maturity level of the processes, the organization can get a clear view of the current state, effectiveness, and maturity of its IT risk management program.
Option B, "Balanced scorecard," is a strategic performance management tool that looks at a variety of indicators across different organizational perspectives, but it may not provide a detailed view of the IT risk management program's maturity and effectiveness.
Option C, "Control self-assessment (CSA)," provides a way for organizations to assess the effectiveness of their controls, but it doesn't provide a comprehensive view of the IT risk management program's maturity.
Option D, "Internal audit plan," provides a schedule and scope for internal audits but doesn't provide a comprehensive assessment of the maturity and effectiveness of the IT risk management program.
Thus, assessing the capability maturity level would be the most useful method for regularly reporting on the overall status and effectiveness of the IT risk management program.
B. Balanced scorecard
The balanced scorecard is MOST useful for regularly reporting on the overall status and effectiveness of the IT risk management program. The balanced scorecard is a strategic performance management framework that provides a balanced view of an organization's performance across multiple dimensions, including financial, customer, internal processes, and learning and growth.
From the self-assessment questions (7th CRISC manual, chapter 3), 'a scorecard allows management to measure strategy implementation and assist management in translating it into action'.
I think scorecard is right here. CMM generally used when compare with peer organization or gap analysis. Scorecard is kind academic report of individual in different areas of company like finance, process, customers etc.
I think the correct answer is A. Capability maturity level
upvoted 4 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
01010100
6 months, 2 weeks agoStaanlee
7 months, 1 week agoCbtL
1 year agoKoulyo
1 year agojohn_boogieman
1 year, 2 months agoSuchib
1 year, 3 months agoCbtL
1 year agoAllaAlla
2 years, 1 month agoRaj1510
2 years, 3 months agoohamdan
2 years, 10 months ago