Certified in Risk and Information Systems Control (CRISC) — Question 1120

An organization is planning a project to replace several complex manual controls with automated processes. Which of the following is the risk practitioner's MOST important course of action?

Answer options

• A. Test the automated processes to ensure results are accurate.
• B. Determine whether the automated processes adequately address the risk.
• C. Establish the degree of control efficiency improvement.
• D. Update the associated control assessments for the automated processes.

Correct answer: B

Explanation

The most critical action is to assess whether the automated processes sufficiently mitigate the risk, ensuring that the new system effectively addresses potential threats. Testing the accuracy of results (Option A), establishing control efficiency improvements (Option C), and updating control assessments (Option D) are also important but secondary to ensuring that risks are adequately managed.