CRISC Certified in Risk and Information Systems Control – Question533

A risk assessment has identified that an organization may not be in compliance with industry regulations. The BEST course of action would be to:

A.
collaborate with management to meet compliance requirements
B. conduct a gap analysis against compliance criteria
C. identify necessary controls to ensure compliance
D. modify internal assurance activities to include control validation

Correct Answer: A