CGEIT Question #370: Real Exam Question with Answer & Explanation
The correct answer is D: Develop key risk indicators (KRIs) and action plans.
Question
Business management is seeking assurance from the CIO that controls are in place to help minimize the risk of critical IT systems being unavailable during month-end financial processing. What is the BEST way to address this concern?
Options
- A. Create a communication plan with risk owners.
- B. Outsource infrastructure hosting.
- C. Restrict and monitor user access.
- D. Develop key risk indicators (KRIs) and action plans.
Explanation
Developing Key Risk Indicators (KRIs) and associated action plans is the best way to address concerns about critical IT system availability, providing proactive insights and clear mitigation strategies.
Common mistakes.
- A. A communication plan is important for risk management but doesn't in itself assure business management that controls are in place or that risks are being actively minimized.
- B. Outsourcing infrastructure hosting transfers some operational responsibilities but does not inherently guarantee system availability or address the specific concern about control visibility without further measures.
- C. Restricting and monitoring user access primarily addresses security and data integrity risks, not directly the comprehensive risk of critical system unavailability.
Concept tested. Proactive risk management and reporting
Reference. https://learn.microsoft.com/en-us/azure/security/fundamentals/metrics-kpis-okrs