Certified in Risk and Information Systems Control (CRISC) — Question 430

Which of the following is the MAIN reason for documenting the performance of controls?

Answer options

• A. Justifying return on investment
• B. Demonstrating effective risk mitigation
• C. Providing accurate risk reporting
• D. Obtaining management sign-off

Correct answer: B

Explanation

The correct answer is B, as documenting performance helps to show that the controls in place effectively mitigate risks. The other options, while important, do not directly relate to the primary goal of demonstrating risk mitigation effectiveness.