CRISC Certified in Risk and Information Systems Control – Question352 - CRISC Certified in Risk and Information Systems Control

You are the project manager of the GHT project. You are accessing data for further analysis. You have chosen such a data extraction method in which management monitors its own controls. Which of the following data extraction methods you are using here?

A. Extracting data directly from the source systems after system owner approval
B. Extracting data from the system custodian (IT) after system owner approval
C. Extracting data from risk register
D. Extracting data from lesson learned register

Correct Answer: A

Explanation:

Explanation: Direct extraction from the source system involves management monitoring its own controls, instead of auditors/third parties monitoring management’s controls. It is preferable over extraction from the system custodian.
Incorrect Answers:
B: Extracting data from the system custodian (IT) after system owner approval, involves auditors or third parties monitoring management’s controls. Here, in this management does not monitors its own control. C, D: These are not data extraction methods.