Certified in Risk and Information Systems Control (CRISC) — Question 648

The PRIMARY purpose of IT control status reporting is to:

Answer options

• A. assist internal audit in evaluating and initiating remediation efforts.
• B. ensure compliance with IT governance strategy.
• C. facilitate the comparison of the current and desired states.
• D. benchmark IT controls with industry standards.

Correct answer: C

Explanation

The correct answer is C because the primary aim of IT control status reporting is to evaluate the current IT state versus the intended goals. Option A, while relevant, is more of a secondary benefit, whereas B focuses on compliance, and D relates to benchmarking rather than direct status evaluation.