Certified in Risk and Information Systems Control (CRISC) — Question 436

Which of the following is MOST important for an IT risk practitioner to update once risk mitigation action plans have been verified as completed?

Answer options

• A. Risk rating
• B. Control inventory
• C. Risk impact
• D. Control ownership

Correct answer: A

Explanation

Updating the Risk rating is vital as it reflects the changes in risk exposure after mitigation actions are validated. While Control inventory, Risk impact, and Control ownership are important, they do not directly indicate the current risk level after mitigation efforts have been applied.