CRISC Certified in Risk and Information Systems Control – Question582

During an IT department reorganization, the manager of a risk mitigation action plan was replaced. The new manager has begun implementing a new control after identifying a more effective option. Which of the following is the risk practitioner’s BEST course of action?

A.
Communicate the decision to the risk owner for approval
B. Identify an owner for the new control
C. Modify the action plan in the risk register
D. Seek approval from the previous action plan manager

Correct Answer: B