Certified in Risk and Information Systems Control (CRISC) — Question 166

Which of the following provides the MOST up-to-date information about the effectiveness of an organization's overall IT control environment?

Answer options

Correct answer: B

Explanation

Key performance indicators (KPIs) provide real-time data on the effectiveness of IT controls, making them the most current source of information. Periodic penetration testing and internal audit findings may not provide continuous insights, and risk heat maps visualize risks but do not measure control effectiveness directly.