Certified in Risk and Information Systems Control (CRISC) — Question 78
Which of the following is the BEST way to validate whether controls have been implemented according to the risk mitigation action plan?
Answer options
- A. Implement key risk indicators (KRIs)
- B. Test the control design
- C. Test the control environment
- D. Implement key performance indicators (KPIs)
Correct answer: B
Explanation
B is correct because testing the control design directly verifies that the controls are structured as intended in the risk mitigation plan. Options A and D focus on indicators that measure performance or risk but do not validate the controls themselves. Option C assesses the environment rather than the specific controls, making it less effective for this purpose.