Certified Information Systems Auditor (CISA) — Question 1176
To ensure the effectiveness of project risk management, when should the project risk register be reviewed and updated?
Answer options
- A. During the design phase of the project
- B. During the planning phase of the project
- C. At the end of each phase of the project
- D. Throughout the lifetime of the project
Correct answer: D
Explanation
The correct answer is D because the project risk register should be a living document that is consistently updated to reflect new risks and changes throughout the project's lifecycle. Options A, B, and C imply that the review is limited to specific phases, which can lead to unaddressed risks emerging in other phases.