Isaca Certified in Risk and Information Systems Control CRISC Question # 256 Topic 26 Discussion
CRISC Exam Topic 26 Question 256 Discussion:
Question #: 256
Topic #: 26
After the review of a risk record, internal audit questioned why the risk was lowered from medium to low. Which of the following is the BEST course of action in responding to this inquiry?
A.
Obtain industry benchmarks related to the specific risk.
B.
Provide justification for the lower risk rating.
C.
Notify the business at the next risk briefing.
D.
Reopen the risk issue and complete a full assessment.
The best course of action in responding to the internal audit inquiry is to provide justification for the lower risk rating. This would demonstrate that the risk record was updated based on a valid and documented rationale, such as changes in the risk environment, risk drivers, risk indicators, or risk responses. Providing justification would also help to maintain the transparency and accountability of the risk management process, and ensure that the internal audit is satisfied with the risk assessment outcome. References = Risk and Information Systems Control Study Manual, 7th Edition, Chapter 4, Section 4.2.3, page 184.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit