CRISC Question #480: Real Exam Question with Answer & Explanation

Question

Reviewing which of the following would provide the MOST useful information when preparing to evaluate the effectiveness of existing controls?

Options

• APrevious audit reports
• BControl objectives
• CRisk responses in the risk register
• DChanges in risk profiles

Explanation

Evaluating control effectiveness is most useful when considering how controls address current risks, so reviewing changes in risk profiles highlights where control effectiveness is most critical.

Common mistakes.

• A. Previous audit reports provide historical data, but may not reflect the current relevance or effectiveness of controls against today's risk profile.
• B. Control objectives define what a control should achieve, which is essential context, but reviewing changes in risk profiles shows why a control's effectiveness needs evaluation now.
• C. Risk responses in the risk register detail the planned actions for risks, but understanding changes in the risk profile informs which controls tied to those responses should be prioritized for effectiveness evaluation.

Concept tested. Prioritizing control effectiveness evaluation

No community discussion yet for this question.