Certified in Risk and Information Systems Control (CRISC) — Question 784

Which of the following should be management's PRIMARY focus when key risk indicators (KRIs) begin to rapidly approach defined thresholds?

Answer options

• A. Determining what has changed in the environment
• B. Assessing the effectiveness of the incident response plan
• C. Determining if KRIs have been updated recently
• D. Designing compensating controls

Correct answer: A

Explanation

The correct answer is A because understanding changes in the environment is crucial for identifying the reasons behind the shift in KRIs. Options B, C, and D are important but secondary; they focus on response and updates rather than the immediate need to grasp the context of the risk escalation.