Certified in Risk and Information Systems Control (CRISC) — Question 280

Which of the following facilitates a completely independent review of test results for evaluating control effectiveness?

Answer options

• A. Segregation of duties
• B. Compliance review
• C. Three lines of defense
• D. Quality assurance review

Correct answer: C

Explanation

The correct answer is C, as the 'Three lines of defense' model promotes a structured approach to risk management and control effectiveness evaluation by ensuring independence between different roles. Options A, B, and D do not provide the same level of independent review, as they focus on either internal processes or compliance without the layered defense mechanism that supports impartial assessments.