ISACA Certified in Risk and Information Systems Control CRISC Question # 42 Topic 5 Discussion
Question #: 42
Topic #: 5
As part of its risk strategy, an organization decided to transition its financial system from a cloud-based provider to an internally managed system. Which of the following should the risk practitioner do FIRST?
A. Reassess whether the risk responses properly address known risks and vulnerabilities
B. Analyze the risk register to identify potential updates and changes
C. Evaluate existing control test plans of the system for potential changes
D. Update the processes within impacted financial control assessments
Whenever there is a change in sourcing strategy, such as moving from cloud to internal hosting, the first step is to reassess the effectiveness and completeness of existing risk responses and confirm that they still mitigate the risks appropriately.
CRISC emphasizes:
“When transitioning services or changing control environments, practitioners should reassess risk responses and validate that previously identified risks and vulnerabilities remain properly addressed.”
Only after reassessment should the practitioner proceed to update registers, controls, and audit plans.
Hence, A is the correct answer.
CRISC Reference: Domain 3 – Risk Response and Mitigation, Topic: Managing Control Changes.