Certified in Risk and Information Systems Control (CRISC) — Question 459

Which of the following would require updates to an organization's IT risk register?

Answer options

• A. Discovery of an ineffectively designed key IT control
• B. Management review of key risk indicators (KRIs)
• C. Changes to the team responsible for maintaining the register
• D. Completion of the latest internal audit

Correct answer: A

Explanation

Identifying an inadequately designed key IT control indicates a significant risk that must be documented in the risk register. While reviews of KRIs, team changes, and internal audits are important for risk management, they do not directly signal the need for immediate updates to the risk register like a design flaw does.