Certified in Risk and Information Systems Control (CRISC) — Question 1417
Which of the following would be MOST helpful to understand the impact of a new technology system on an organization's current risk profile?
Answer options
- A. Conduct a gap analysis
- B. Review existing risk mitigation controls
- C. Perform a risk assessment
- D. Hire consultants specializing in the new technology
Correct answer: C
Explanation
Performing a risk assessment is essential as it systematically identifies and evaluates risks associated with the new technology, providing a comprehensive understanding of its impact on the organization's risk profile. While conducting a gap analysis and reviewing existing controls are useful, they do not directly assess the risks posed by the new system. Hiring consultants may provide expertise but does not replace the need for an in-house risk assessment.