Certified in Risk and Information Systems Control (CRISC) — Question 1394

Which of the following BEST demonstrates that an implemented control is effective in mitigating the intended risk?

Answer options

• A. Successful outcome of an external audit
• B. Accurate reporting of control test results to management
• C. Successful completion of risk action plans related to the control
• D. Appropriate assignment of control ownership to mitigate risk

Correct answer: C

Explanation

The correct answer is C because the successful completion of risk action plans indicates that the control is functioning as intended to mitigate identified risks. The other options, while indicative of control performance, do not directly confirm the effectiveness of the control in reducing risk as clearly as the completion of action plans does.