Certified in Risk and Information Systems Control (CRISC) — Question 282

Which of the following is the BEST key performance indicator (KPI) for determining how well an IT policy is aligned to business requirements?

Answer options

• A. Total cost of policy breaches.
• B. Total cost to support the policy.
• C. Number of exceptions to the policy.
• D. Number of inquiries regarding the policy.

Correct answer: C

Explanation

The correct answer is C, as the number of exceptions to the policy directly indicates how well the policy meets business requirements; a high number suggests misalignment. Options A and B focus on costs rather than alignment, while D reflects inquiries that may not necessarily indicate business alignment.