Certified in Risk and Information Systems Control (CRISC) — Question 682

Establishing an organizational code of conduct is an example of which type of control?

Answer options

• A. Directive
• B. Preventive
• C. Detective
• D. Compensating

Correct answer: B

Explanation

The correct answer is B, as a code of conduct serves to prevent undesirable behavior by establishing clear expectations and guidelines. Directive controls provide guidance but do not actively prevent issues, while detective controls are designed to identify problems after they occur, and compensating controls serve as alternative measures to mitigate risks.