Certified in Risk and Information Systems Control (CRISC) — Question 714

Which of the following is the BEST
approach when a risk practitioner has been asked by a business unit manager for special consideration during a risk assessment of a system?

Answer options

• A. Conduct an abbreviated version of the assessment.
• B. Recommend an internal auditor perform the review.
• C. Perform the assessment as it would normally be done.
• D. Report the business unit manager for a possible ethics violation.

Correct answer: D

Explanation

The correct answer is D because if a business unit manager is requesting special consideration during a risk assessment, it raises ethical concerns that need to be addressed. The other options, while they suggest alternative approaches, do not prioritize the integrity of the risk assessment process or address potential ethical violations.