Certified in Risk and Information Systems Control (CRISC) — Question 543
A risk practitioner implemented a process to notify management of emergency changes that may not be approved. Which of the following is the BEST way to provide this information to management?
Answer options
- A. Change logs
- B. Key control indicators (KCIs)
- C. Key risk indicators (KRIs)
- D. Change management meeting minutes
Correct answer: D
Explanation
Providing information through Change management meeting minutes is the best approach because it captures detailed discussions and decisions made regarding emergency changes. Change logs, KCIs, and KRIs, while useful, do not offer the same level of contextual detail about the approval status of changes.