Certified in Risk and Information Systems Control (CRISC) — Question 1025

Which of the following is the MOST important action for a risk practitioner when a recovery test indicates control gaps?

Answer options

• A. Verify test specifications.
• B. Review the recovery test report.
• C. Perform a root cause analysis.
• D. Develop an action plan.

Correct answer: D

Explanation

Developing an action plan is vital as it outlines the steps needed to address the identified control gaps. While verifying test specifications, reviewing the test report, and performing a root cause analysis are important, they are preparatory steps that do not directly lead to remediation of the issues found.