Certified in Risk and Information Systems Control (CRISC) — Question 700

Which of the following would BEST ensure that identified risk scenarios are addressed?

Answer options

• A. Performing real-time monitoring of threats
• B. Creating a separate risk register for key business units
• C. Performing regular risk control self-assessments
• D. Reviewing the implementation of the risk response

Correct answer: D

Explanation

The correct answer, D, involves assessing how well the risk response has been implemented, ensuring that identified risks are actively addressed. Option A focuses on monitoring but does not guarantee that responses are effective. Option B suggests creating a risk register, which is useful but does not address the implementation of responses. Option C involves self-assessments, which are important but not as direct in verifying the effectiveness of risk responses.