Certified in Risk and Information Systems Control (CRISC) — Question 149

Which of the following is the MOST important factor when deciding on a control to mitigate risk exposure?

Answer options

• A. Comparison against best practice
• B. Relevance to the business process
• C. Regulatory compliance requirements
• D. Cost-benefit analysis

Correct answer: D

Explanation

The correct answer, D, highlights the importance of weighing the costs against the benefits of a control to ensure it effectively mitigates risk without being economically unfeasible. While options A, B, and C are relevant considerations, they do not prioritize the financial implications that can significantly impact decision-making.