Certified in Risk and Information Systems Control (CRISC) — Question 369

Which of the following is MOST important for a risk practitioner to consider when evaluating plans for changes to IT services?

Answer options

• A. User acceptance testing (UAT)
• B. Impact assessment of the change
• C. Change communication plan
• D. Change testing schedule

Correct answer: B

Explanation

The impact assessment of the change is crucial as it identifies potential risks and consequences associated with the modification to IT services. While user acceptance testing, communication plans, and testing schedules are important, they do not directly address the overall impact of the change, which is essential for effective risk management.