CRISC Certified in Risk and Information Systems Control – Question740

Which of the following should be the PRIMARY focus of a risk owner once a decision is made to mitigate a risk?

A.
Determining processes for monitoring the effectiveness of the controls
B. Confirming to management the controls reduce the likelihood of the risk
C. Updating the risk register to include the risk mitigation plan
D. Ensuring that control design reduces risk to an acceptable level

Correct Answer: D