Certified in Risk and Information Systems Control (CRISC) — Question 627

A bank recently incorporated blockchain technology with the potential to impact known risk within the organization. Which of the following is the risk practitioner's
BEST course of action?

Answer options

• A. Analyze and update control assessments with the new processes.
• B. Conduct testing of the controls that mitigate the existing risk.
• C. Determine whether risk responses are still adequate.
• D. Analyze the risk and update the risk register as needed.

Correct answer: D

Explanation

The best action is to evaluate the risk and update the risk register as needed, since this ensures that new risks introduced by blockchain technology are documented and managed appropriately. Analyzing and updating control assessments (A), conducting control tests (B), and determining adequacy of risk responses (C) are important but secondary steps that follow after the risk itself has been properly assessed and recorded.