CRISC Question #223: Real Exam Question with Answer & Explanation

Sign in or unlock CRISC to reveal the answer and full explanation for question #223. The question stem and answer options stay visible for context.

Submitted by brentm· Apr 18, 2026Risk Response and Reporting

Question

During a risk assessment, a risk practitioner learns that an IT risk factor is adequately mitigated by compensating controls in an associated business process. Which of the following would enable the MOST effective management of the residual risk?

Options

ASchedule periodic reviews of the compensating controls' effectiveness.
BReport the use of compensating controls to senior management.
CRecommend additional IT controls to further reduce residual risk.
DRequest that ownership of the compensating controls is reassigned to IT

Unlock CRISC to see the answer

You've previewed enough free CRISC questions. Unlock CRISC for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock CRISC - $49.99 / 30 days Sign in

Topics

#Residual Risk Management#Compensating Controls#Control Monitoring#Risk Response

Full CRISC Practice Browse All CRISC Questions