Certified in Risk and Information Systems Control (CRISC) — Question 1434

Which of the following is the BEST way to assess the effectiveness of an access management process?

Answer options

• A. Reviewing for compliance with acceptable use policy
• B. Reviewing access logs for user activity
• C. Comparing the actual process with the documented process
• D. Reconciling a list of accounts belonging to terminated employees

Correct answer: C

Explanation

The correct answer is C because comparing the actual process with the documented process allows for identifying discrepancies and ensuring that the access management is functioning as intended. Options A and B focus on compliance and user activity but do not directly assess the process itself. Option D is relevant to account management but does not evaluate the overall effectiveness of the access management process.