CRISC Certified in Risk and Information Systems Control – Question781

Which of the following is the PRIMARY reason to have the risk management process reviewed by a third party?

A.
Obtain an objective view of process gaps and systemic errors.
B. Ensure the risk profile is defined and communicated.
C. Validate the threat management process.
D. Obtain objective assessment of the control environment.

Correct Answer: A