Certified in Risk and Information Systems Control (CRISC) — Question 434

Which of the following would BEST enable senior management to make informed decisions about the effectiveness of existing controls to mitigate risk?

Answer options

• A. Quantitative analysis of total control cost in monetary terms
• B. Quantitative measurement of the controls' ability to reduce the likelihood of risk events occurring
• C. Qualitative assessment of control effectiveness by surveying control owners
• D. Qualitative measurement of the impact on business operations should a risk event occur

Correct answer: B

Explanation

The correct answer, B, is focused on quantitatively measuring how effectively controls decrease the probability of risk events, providing valuable data for decision-making. Option A only looks at costs, which does not reflect effectiveness, while C relies on subjective surveys that may not provide reliable data, and D assesses impacts rather than effectiveness of controls.