Certified in Risk and Information Systems Control (CRISC) — Question 860

A process maturity model is MOST useful to the risk management process because it helps:

Answer options

• A. reduce audit and regulatory findings
• B. determine the cost of control improvements
• C. benchmark maturity against industry standards
• D. determine the gap between actual and desired state

Correct answer: D

Explanation

The correct answer, D, is right because a process maturity model provides insights into the differences between where an organization currently stands and where it aims to be, which is crucial for effective risk management. The other options, while relevant to risk management, do not specifically address the primary purpose of a maturity model in assessing and closing gaps in processes.