CRISC Certified in Risk and Information Systems Control – Question 307

What is the FIRST phase of the IS monitoring and maintenance process?

A. Report result
B. Prioritizing risks
C. Implement monitoring
D. Identifying controls

Correct Answer: B

Explanation:
The phases involved in information system monitoring and maintenance are as follows:

  • Prioritize risk: The first phase is the prioritization of risk, which involves the following tasks:
    – Analyze and prioritize risks to organizational objectives.
    – Identify the necessary application components and flow of information through the system.
    – Examine and understand the functionality of the application by reviewing the application system documentation and interviewing appropriate personnel.
  • Identify controls: After risks are prioritized, the controls are identified. This involves the following tasks:
    – Key controls that address the prioritized risks are identified across the internal control system.
    – The strength of the application controls is identified.
    – The impact of the control weaknesses is evaluated.
    – A testing strategy is developed by analyzing the accumulated information.
  • Identify information: The IS control information is then identified:
    – Identify information that will persuasively indicate the operating effectiveness of the internal control system.
    – Observe and test users performing procedures.
  • Implement monitoring: Develop and implement cost-effective procedures to evaluate the persuasive information.
  • Report results: After the monitoring process is implemented, the results are reported to relevant stakeholders.

Incorrect Answers: A, C, D: All of these phases occur in the IS monitoring and maintenance process after risks are prioritized.