CRISC Certified in Risk and Information Systems Control – Question762

A risk practitioner is reviewing the status of an action plan to mitigate an emerging IT risk and finds the risk level has increased. The BEST course of action would be to:

A.
evaluate whether selected controls are still appropriate.
B. implement the planned controls and accept the remaining risk.
C. suspend the current action plan in order to reassess the risk.
D. revise the action plan to include additional mitigating controls.

Correct Answer: A