Isaca Certified in Risk and Information Systems Control CRISC Question # 295 Topic 30 Discussion
CRISC Exam Topic 30 Question 295 Discussion:
Question #: 295
Topic #: 30
An internal audit report reveals that a legacy system is no longer supported Which of the following is the risk practitioner's MOST important action before recommending a risk response'
A.
Review historical application down me and frequency
B.
Assess the potential impact and cost of mitigation
C.
identify other legacy systems within the organization
D.
Explore the feasibility of replacing the legacy system
A legacy system is an old or outdated IT system that is still in use by an organization. A legacy system may pose various risks to the organization, such as security vulnerabilities, compatibility issues, performance degradation, maintenance challenges, etc. When an internal audit report reveals that a legacy system is no longer supported by the vendor or the manufacturer, the risk practitioner’s most important action before recommending a risk response is to assess the potential impact and cost of mitigation, which means to estimate the consequences and expenses of the risk event if the legacy system fails or malfunctions. By assessing the potential impact andcost of mitigation, the risk practitioner can evaluate the risk exposure and determine the appropriate risk response, such as accepting, avoiding, transferring, or reducing the risk. References = 4
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit