Certified in Risk and Information Systems Control (CRISC) — Question 983

Which of the following is the MOST important course of action for a risk practitioner when reviewing the results of control performance monitoring?

Answer options

• A. Analyze appropriateness of key performance indicators (KPIs).
• B. Evaluate changes to the organization’s risk profile.
• C. Confirm controls achieve regulatory compliance.
• D. Validate whether the controls effectively mitigate risk.

Correct answer: D

Explanation

The correct answer, D, is vital because the primary goal of controls is to effectively mitigate risk. While the other options are important, they focus on compliance, changes in risk profile, or KPI relevance, which do not directly address the effectiveness of the controls in risk reduction.