ISACA IT Risk Fundamentals — Question 8

Risk monitoring is MOST effective when it is conducted:

Answer options

• A. throughout the risk treatment planning process.
• B. following changes to the business’s environment.
• C. before and after completing the risk treatment plan.

Correct answer: B

Explanation

The correct answer is B because monitoring risks is most effective after changes in the business environment, as this allows for timely adjustments to be made. Option A is incorrect because conducting monitoring solely during planning may miss critical updates. Option C is not ideal since monitoring should occur primarily after changes, rather than just at the beginning and end.