Isaca Certified in Risk and Information Systems Control CRISC Question # 258 Topic 26 Discussion
CRISC Exam Topic 26 Question 258 Discussion:
Question #: 258
Topic #: 26
A large organization recently restructured the IT department and has decided to outsource certain functions. What action should the control owners in the IT department take?
A.
Conduct risk classification for associated IT controls.
B.
Determine whether risk responses still effectively address risk.
According to the ISACA Risk and Information Systems Control study guide and handbook, the control owners in the IT department should determine whether risk responses still effectively address risk after a restructuring and outsourcing of certain functions. This is because the restructuring and outsourcing may have changed the risk profile, the control environment, and the control activities of the IT department. The control owners should review the existing risk responses and evaluate if they are still appropriate, adequate, and efficient in mitigating the risks associated with the outsourced functions. The control owners should also monitor the performance and compliance of the service providers and ensure that the contractual obligations and service level agreements are met12
1: ISACA Risk and Information Systems Control Study Guide, 4th Edition, page 33 2: ISACA Risk and Information Systems Control Handbook, 1st Edition, page 25
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit