CRISC Question #127: Real Exam Question with Answer & Explanation
The correct answer is C: Escalate the issue to senior management. When a new control significantly impacts productivity, the best course of action is to escalate the issue to senior management to determine the appropriate balance between compliance, risk, and operational efficiency.
Question
A control process has been implemented in response to a new regulatory requirement, but has significantly reduced productivity. Which of the following is the BEST way to resolve this concern?
Options
- A. Absorb the loss in productivity.
- B. Request a waiver to the requirements.
- C. Escalate the issue to senior management.
- D. Remove the control to accommodate business objectives.
Explanation
When a new control significantly impacts productivity, the best course of action is to escalate the issue to senior management to determine the appropriate balance between compliance, risk, and operational efficiency.
Common mistakes.
- A. Simply absorbing the loss in productivity without seeking a solution may be detrimental to the business and indicates a failure to manage the operational impact of controls.
- B. Requesting a waiver to regulatory requirements is typically a complex process with a low probability of success, especially for newly implemented controls, and does not address the underlying issue of the control's impact.
- D. Removing the control is a non-compliant action that exposes the organization to regulatory fines and increased risk, which is almost certainly not the 'best way' to resolve the concern.
Concept tested. Balancing security controls and business objectives
Reference. https://csrc.nist.gov/publications/detail/sp/800-39/final