Certified in Risk and Information Systems Control (CRISC) — Question 799

Which of the following is the BEST approach to mitigate the risk associated with a control deficiency?

Answer options

• A. Perform a business case analysis.
• B. Conduct a control self-assessment (CSA).
• C. Build a provision for risk.
• D. Implement compensating controls.

Correct answer: D

Explanation

Implementing compensating controls is the best way to address the risk associated with a control deficiency because it provides alternative safeguards to reduce the impact of the deficiency. Options A, B, and C do not directly address the deficiency itself; rather, they focus on analysis or planning without providing immediate protective measures.