Isaca Certified in Risk and Information Systems Control CRISC Question # 498 Topic 50 Discussion
CRISC Exam Topic 50 Question 498 Discussion:
Question #: 498
Topic #: 50
A newly hired risk practitioner finds that the risk register has not been updated in the past year. What is the risk practitioner's BEST course of action?
A.
Identify changes in risk factors and initiate risk reviews.
B.
Engage an external consultant to redesign the risk management process.
C.
Outsource the process for updating the risk register.
D.
Implement a process improvement and replace the old risk register.
The best course of action for a newly hired risk practitioner who finds that the risk register has not been updated in the past year is to identify changes in risk factors and initiate risk reviews. This would help the risk practitioner to update the risk register with the current and relevant information on the risks facing the enterprise, such as their sources, drivers, indicators, likelihood, impact, and responses. It would also help the risk practitioner to evaluate the effectiveness of the existing controls, and to identify any new or emerging risks that need to be addressed. Identifying changes in risk factors and initiating risk reviews would enable the risk practitioner to maintain the accuracy and completeness of the risk register, and to provide valuable input for the risk management process. References = Risk and Information Systems Control Study Manual, 7th Edition, Chapter 5, Section 5.1.1, page 2271
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit