Certified in Risk and Information Systems Control (CRISC) — Question 626
A project team recommends accepting the residual risk associated with known regulatory control deficiencies. Which of the following is the risk practitioner's MOST important recommendation to the project manager?
Answer options
- A. Present the remaining deficiencies to the project steering committee for sign-off.
- B. Assess the risk of the remaining deficiencies and develop an action plan.
- C. Update the project risk register with the remaining deficiencies and remediation actions.
- D. Confirm a timeline to remediate the remaining deficiencies after the project goes live.
Correct answer: B
Explanation
The correct answer, B, emphasizes the importance of evaluating the risk associated with the remaining deficiencies and creating a plan for addressing them. This proactive approach is crucial in risk management. The other options either focus on documentation or approvals without addressing the need for a risk assessment and action plan.