The risk practitioner should verify the cost-benefit of the new controls being implemented to ensure that they are aligned with the enterprise’s risk appetite and strategy, and that they provide value to the business. The other options are not as important as verifying the cost-benefit of the new controls, because:
Option A: Updating the risk register is a good practice, but it does not provide assurance that the new controls are effective and efficient.
Option B: Ensuring risk monitoring for the project is initiated is also a good practice, but it is not as urgent as verifying the cost-benefit of the new controls, which should be done before the project is closed.
Option C: Conducting and documenting a BIA is not relevant to the scenario, as the project is already completed and the new controls are implemented. References = Risk and Information Systems Control Study Manual, 7th Edition, ISACA, 2020, p. 184.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit