CRISC Certified in Risk and Information Systems Control – Question028 - CRISC Certified in Risk and Information Systems Control

Which of the following is the MOST important objective of the information system control?

A. Business objectives are achieved and undesired risk events are detected and corrected
B. Ensuring effective and efficient operations
C. Developing business continuity and disaster recovery plans
D. Safeguarding assets

Correct Answer: A

Explanation:

Explanation:
The basic purpose of Information System control in an organization is to ensure that the business objectives are achieved and undesired risk events are detected and corrected. Some of the IS control objectives are given below:

Safeguarding assets
Assuring integrity of sensitive and critical application system environments
Assuring integrity of general operating system
Ensuring effective and efficient operations
Fulfilling user requirements, organizational policies and procedures, and applicable laws and regulations
Changing management
Developing business continuity and disaster recovery plans
Developing incident response and handling plans

Hence the most important objective is to ensure that business objectives are achieved and undesired risk events are detected and corrected.
Incorrect Answers: B, C, D: These are also the objectives of the information system control but are not the best answer.