Certified in Risk and Information Systems Control (CRISC) — Question 206

Which of the following is MOST important to include when identifying risk scenarios for inclusion in a risk review of a third-party service provider?

Answer options

• A. Open vendor issues.
• B. Purchasing agreements.
• C. Supplier questionnaires.
• D. Process mapping.

Correct answer: D

Explanation

Process mapping is essential as it allows for a detailed understanding of the workflows and potential risks associated with third-party services. Open vendor issues, purchasing agreements, and supplier questionnaires are important, but they do not provide the same level of insight into the processes that could lead to risks.