Certified in Risk and Information Systems Control (CRISC) — Question 676

Which of the following BEST enables effective IT control implementation?

Answer options

• A. Information security policies
• B. Documented procedures
• C. Information security standards
• D. Key risk indicators (KRIs)

Correct answer: B

Explanation

Documented procedures provide a clear and consistent framework for implementing IT controls, ensuring that all necessary steps are followed. While information security policies, standards, and key risk indicators are important, they do not offer the same level of practical guidance for control execution as documented procedures do.