Certified in Risk and Information Systems Control (CRISC) — Question 1219
An organization recently completed a major restructuring project to reduce overhead costs by streamlining the approval hierarchy. Which of the following should be done FIRST by the control owner?
Answer options
- A. Evaluate effectiveness of risk responses.
- B. Revise risk classifications.
- C. Execute control test plans.
- D. Analyze the control assessments.
Correct answer: C
Explanation
The correct first step is to execute control test plans, as it ensures that the newly established controls are functioning as intended after the restructuring. Evaluating the effectiveness of risk responses, revising risk classifications, and analyzing control assessments are important but should be done after the initial testing of the controls to confirm their operational integrity.