Certified in Risk and Information Systems Control (CRISC) — Question 1164

Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of IT policies? The number of:

Answer options

• A. senior management approvals.
• B. processes covered by IT policies.
• C. IT policy exceptions granted.
• D. key technology controls covered by IT policies.

Correct answer: C

Explanation

The correct answer, C, is the best indicator because it reflects how many deviations from the established policies are allowed, highlighting the policies' effectiveness in managing exceptions. In contrast, A measures approval processes, B counts covered processes without indicating effectiveness, and D focuses on controls rather than exceptions, which do not directly assess policy effectiveness.