Certified in Risk and Information Systems Control (CRISC) — Question 1009

The MAIN purpose of conducting a control self-assessment (CSA) is to:

Answer options

• A. reduce the dependency on external audits
• B. gain a better understanding of the risk in the organization
• C. gain a better understanding of the control effectiveness in the organization
• D. adjust the controls prior to an external audit

Correct answer: C

Explanation

The correct answer is C because the primary goal of a control self-assessment is to evaluate how well the existing controls are functioning within the organization. Options A, B, and D, while related to audits and risk understanding, do not directly address the assessment of control effectiveness, which is the key focus of a CSA.