Isaca Certified in Risk and Information Systems Control CRISC Question # 335 Topic 34 Discussion
A key risk indicator (KRI) for technology operations has been above risk thresholds for the last three reporting periods. What is the BEST way for a risk practitioner to address this concern?
A. Adjust the original thresholds for the KRI for future reporting periods
B. Initiate corrective actions with the accountable risk owner
C. Implement forward-looking risk metrics to compare results
D. Continue monitoring the KRI for changes in subsequent reporting periods
If a KRI consistently exceeds thresholds, CRISC instructs that corrective action must be initiated, because this indicates sustained elevated risk. Thresholds should not be adjusted simply to match poor performance. Forward-looking metrics may help but do not address the current issue. Continuing to monitor without taking action allows the risk to remain unaddressed. Engaging the risk owner to initiate mitigation steps is the correct governance response.
Reference: CRISC Review Manual – KRI governance and response thresholds.