Certified in Risk and Information Systems Control (CRISC) — Question 1443
Senior management has asked a risk practitioner to develop technical risk scenarios related to a recently developed enterprise resource planning (ERP) system.
These scenarios will be owned by the system manager. Which of the following would be the BEST method to use when developing the scenarios?
Answer options
- A. Bottom-up approach
- B. Cause-and-effect diagram
- C. Top-down approach
- D. Delphi technique
Correct answer: A
Explanation
The Bottom-up approach is the most effective method because it allows for detailed insights and inputs from those who are directly involved in the system's operations, ensuring that all technical aspects are thoroughly considered. The other options, such as the Top-down approach, might overlook critical technical details, while the Delphi technique focuses on expert opinions rather than hands-on input, and the Cause-and-effect diagram is more suited for analyzing specific issues rather than developing comprehensive risk scenarios.