Isaca Certified in Risk and Information Systems Control CRISC Question # 320 Topic 33 Discussion
As part of its risk strategy, an organization decided to transition its financial system from a cloud-based provider to an internally managed system. Which of the following should the risk practitioner do FIRST?
A. Reassess whether the risk responses properly address known risks and vulnerabilities
B. Analyze the risk register to identify potential updates and changes
C. Evaluate existing control test plans of the system for potential changes
D. Update the processes within impacted financial control assessments
Whenever there is a change in sourcing strategy, such as moving from cloud to internal hosting, the first step is to reassess the effectiveness and completeness of existing risk responses and confirm that they still mitigate the risks appropriately.
CRISC emphasizes:
“When transitioning services or changing control environments, practitioners should reassess risk responses and validate that previously identified risks and vulnerabilities remain properly addressed.”
Only after reassessment should the practitioner proceed to update registers, controls, and audit plans.
Hence, A is the correct answer.
CRISC Reference: Domain 3 – Risk Response and Mitigation, Topic: Managing Control Changes.