Certified in Risk and Information Systems Control (CRISC) — Question 1108

After the announcement of a new IT regulatory requirement, it is MOST important for a risk practitioner to:

Answer options

• A. prepare an IT risk mitigation strategy
• B. review the impact to the IT environment
• C. escalate to senior management
• D. perform a cost-benefit analysis

Correct answer: B

Explanation

The correct answer is B because it is crucial to understand how the new regulatory requirement will affect the existing IT environment before taking further actions. Options A, C, and D, while important, should follow the assessment of impacts to ensure that any strategies or reports are well-informed and relevant.