CRISC Question #358: Real Exam Question with Answer & Explanation

Sign in or unlock CRISC to reveal the answer and full explanation for question #358. The question stem and answer options stay visible for context.

Submitted by lucia.co· Apr 18, 2026Risk Response and Reporting

Question

Which of the following is the BEST response when a potential IT control deficiency has been identified?

Options

ARemediate and report the deficiency to the enterprise risk committee.
BVerify the deficiency and then notify the business process owner.
CVerify the deficiency and then notify internal audit.
DRemediate and report the deficiency to senior executive management.

Unlock CRISC to see the answer

You've previewed enough free CRISC questions. Unlock CRISC for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock CRISC - $49.99 / 30 days Sign in

Topics

#Control deficiency#Notification#Business process owner#Risk identification

Full CRISC Practice Browse All CRISC Questions