This is covered in the 7th edition of the review manual, pg 161 3.8.3 and pg 165 3.9.2. Pg 161 talks only about updating documentation related to the control. Pg 165 talks about after the control is deemed effective, update the risk register. If you think the question is making a point of omitting that the control has been evaluated as effective, then "control inventory" is the best answer. If you think it is about remembering to update the risk register then A seems the better answer. Horrible question :)
Correction, reason:
The risk rating is a measure of the likelihood and impact of a risk occurring, and it takes into account both the probability and impact of the risk event. If the risk mitigation plan has successfully reduced either the probability, impact, or both, then updating the risk rating will capture the net effect of the mitigation plan.
control inventory should be updated once risk mitigation action plans have been verified as completed. A control inventory is a list of all the controls that an organization has in place to manage risk. It is important for the IT risk practitioner to update the control inventory once risk mitigation action plans have been verified as completed, as this helps to ensure that the inventory is accurate and up-to-date.
This section is not available anymore. Please use the main Exam Page.CRISC Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
trev0r
2 days, 18 hours agoCbtL
8 months, 1 week agoKoulyo
9 months, 1 week agojohn_boogieman
10 months, 2 weeks agojohn_boogieman
10 months, 2 weeks agojohn_boogieman
11 months, 1 week agoGRamos
1 year agoGRamos
1 year agoskhalid
1 year, 1 month agoblokey
1 year, 1 month ago