Certified in Risk and Information Systems Control (CRISC) — Question 968
A risk practitioner has established that a particular control is working as desired, but the annual cost of maintenance has increased and now exceeds the expected annual loss exposure. The result is that the control is:
Answer options
- A. inefficient.
- B. ineffective.
- C. optimized.
- D. mature.
Correct answer: A
Explanation
The correct answer is A, as the increased maintenance cost indicates that the control is not providing sufficient value relative to its expenses, making it inefficient. Options B, C, and D do not accurately reflect the situation because the control is functioning as intended (not ineffective), and the costs indicate it is neither optimized nor mature.