Certified in Risk and Information Systems Control (CRISC) — Question 260
Which of the following would be MOST helpful to a risk practitioner when ensuring that mitigated risk remains within acceptable limits?
Answer options
- A. Implementing a process for ongoing monitoring of control effectiveness.
- B. Designing a process for risk owners to periodically review identified risk.
- C. Ensuring risk owners participate in a periodic control testing process.
- D. Building an organizational risk profile after updating the risk register.
Correct answer: A
Explanation
Option A is correct because ongoing monitoring of control effectiveness is essential for ensuring that risks remain within acceptable limits. The other options focus on periodic reviews or participation, which, while important, do not provide the continuous oversight necessary to keep mitigated risks in check.