CRISC Certified in Risk and Information Systems Control – Question752

Which of the following is the STRONGEST indication that controls implemented as part of a risk action plan are not effective?

A.
A security breach occurs.
B. Internal audit identifies recurring exceptions.
C. Changes are put into production without management approval.
D. A sample is used to validate the action plan.

Correct Answer: B