Certified in Risk and Information Systems Control (CRISC) — Question 414

A recent change in accounting policy has the potential to impact a known risk related to an organization's financial software. Which of the following should the risk practitioner do FIRST?

Answer options

• A. Analyze and update the risk register as needed.
• B. Conduct software testing for required code updates.
• C. Analyze and update associated control assessments.
• D. Determine whether the risk response is still adequate.

Correct answer: D

Explanation

The correct answer is D because before taking any further actions, it's essential to confirm whether the existing risk response is still appropriate given the change. Options A, B, and C are important but should follow after ensuring that the risk response is still adequate.