According to the CRISC Review Manual (Digital Version), periodically reviewing controls per the risk treatment plan would best help to ensure that identified risk is efficiently managed, as it involves verifying the effectiveness and efficiency of the implemented risk response actions and identifying any gaps or changes in the risk profile. Periodically reviewing controls per the risk treatment plan helps to:
Confirm that the controls are operating as intended and producing the desired outcomes
Detect any deviations, errors, or weaknesses in the controls and their performance
Evaluate the adequacy and appropriateness of the controls in relation to the current risk environment and the organization’s risk appetite and risk tolerance
Recommend and implement corrective actions or improvement measures to address any issues or deficiencies in the controls
Update the risk register and the risk treatment plan to reflect the current risk status and the residual risk levels
References = CRISC Review Manual (Digital Version), Chapter 4: IT Risk Monitoring and Reporting, Section 4.1: IT Risk Monitoring, pp. 215-216