Certified in Risk and Information Systems Control (CRISC) — Question 617

Which of the following provides the MOST reliable evidence of a control’s effectiveness?

Answer options

• A. Senior management’s attestation
• B. A detailed process walk-through
• C. A risk and control self-assessment
• D. A system-generated testing report

Correct answer: D

Explanation

The system-generated testing report provides the most objective and quantifiable evidence of a control's effectiveness, as it is based on actual data and testing results. In contrast, senior management's attestation and other subjective assessments can be influenced by bias. A detailed process walk-through and a risk and control self-assessment, while useful, do not provide the same level of reliability as a systematic report.