Certified in Risk and Information Systems Control (CRISC) — Question 517

Which of the following should be of MOST concern to a risk practitioner reviewing a recent audit report of an organization's data center?

Answer options

• A. Ownership of action plans has not been assigned
• B. The data center is not fully redundant
• C. Audit scope was not communicated to senior management
• D. Key risk indicators (KRIs) are not leading indicators

Correct answer: A

Explanation

The correct answer, A, highlights a critical issue where action plans lack assigned ownership, which can lead to unresolved risks. While options B, C, and D are also significant, they do not directly impede the follow-up and accountability necessary to address the risks identified in the audit.