Certified in Risk and Information Systems Control (CRISC) — Question 489

What should be the PRIMARY objective for a risk practitioner performing a post-implementation review of an IT risk mitigation project?

Answer options

• A. Confirming that the project budget was not exceeded
• B. Documenting project lessons learned
• C. Validating that the risk mitigation project has been completed
• D. Verifying that the risk level has been lowered

Correct answer: D

Explanation

The primary goal of a post-implementation review is to ensure that the risk level has been effectively lowered, confirming the success of the risk mitigation project. While confirming budget adherence, documenting lessons learned, and validating project completion are important, they do not directly address the core purpose of risk mitigation, which is to reduce risk.