Certified in Risk and Information Systems Control (CRISC) — Question 535

An organization is implementing robotic process automation (RPA) to streamline business processes. Given that implementation of this technology is expected to impact existing controls, which of the following is the risk practitioner’s BEST course of action?

Answer options

• A. Perform a gap analysis of the impacted processes.
• B. Update the data governance policy to address the new technology.
• C. Reassess whether mitigating controls address the known risk in the processes.
• D. Update processes to address the new technology.

Correct answer: A

Explanation

The best course of action is to perform a gap analysis of the impacted processes, as it helps identify discrepancies and areas that need attention due to the introduction of RPA. Updating the data governance policy, reassessing controls, and modifying processes are important steps but come after understanding the specific gaps in the existing processes.