The primary objective for requiring an independent review of an organization’s IT risk management process should be to assess gaps in IT risk management operations and strategicfocus, as this helps to identify the strengths and weaknesses of the current process, and to provide recommendations for improvement and alignment with the enterprise’s objectives and environment. An independent review is an objective and unbiased evaluation of the IT risk management process by a qualified and competent party that is not involved in the process. An independent review can help to ensure the quality, effectiveness, and efficiency of the IT risk management process, as well as to enhance the credibility and confidence of the process. Confirming that IT risk assessment results are expressed as business impact, verifying implemented controls to reduce the likelihood of threat materialization, and ensuring IT risk management is focused on mitigating potential risk are not the primary objectives for requiring an independent review of an organization’s IT risk management process, but rather the expected outcomes or benefits of the independent review. References = CRISC Certified in Risk and Information Systems Control – Question219; ISACA Certified in Risk and Information Systems Control (CRISC) Certification Exam Question and Answers, question 219.