Certified in Risk and Information Systems Control (CRISC) — Question 661

When confirming whether implemented controls are operating effectively, which of the following is MOST important to review?

Answer options

• A. Maturity model
• B. Results of risk assessments
• C. Number of emergency change requests
• D. Results of benchmarking studies

Correct answer: B

Explanation

The results of risk assessments are essential as they provide insights into the potential vulnerabilities and the effectiveness of the controls in place. Maturity models, emergency change requests, and benchmarking studies can offer supporting information, but they do not directly assess the actual effectiveness of the controls like risk assessments do.