Pre-Summer Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Free Access Isaca CRISC New Release

Page: 2 / 118
Total 1575 questions

Certified in Risk and Information Systems Control Questions and Answers

Question 5

Which of the following is the BEST recommendation to senior management when the results of a risk and control assessment indicate a risk scenario can only be partially mitigated?

Options:

A.

Implement controls to bring the risk to a level within appetite and accept the residual risk.

B.

Implement a key performance indicator (KPI) to monitor the existing control performance.

C.

Accept the residual risk in its entirety and obtain executive management approval.

D.

Separate the risk into multiple components and avoid the risk components that cannot be mitigated.

Question 6

An organization outsources the processing of us payroll data A risk practitioner identifies a control weakness at the third party trial exposes the payroll data. Who should own this risk?

Options:

A.

The third party's IT operations manager

B.

The organization's process owner

C.

The third party's chief risk officer (CRO)

D.

The organization's risk practitioner

Question 7

Which of the following is the GREATEST benefit when enterprise risk management (ERM) provides oversight of IT risk management?

Options:

A.

Aligning IT with short-term and long-term goals of the organization

B.

Ensuring the IT budget and resources focus on risk management

C.

Ensuring senior management's primary focus is on the impact of identified risk

D.

Prioritizing internal departments that provide service to customers

Question 8

Which of the following is the BEST evidence that a user account has been properly authorized?

Options:

A.

An email from the user accepting the account

B.

Notification from human resources that the account is active

C.

User privileges matching the request form

D.

Formal approval of the account by the user's manager

Page: 2 / 118
Total 1575 questions