CRISC Certified in Risk and Information Systems Control – Question 787

Which of the following should be a risk practitioner's NEXT step upon learning the organization is not in compliance with a specific legal regulation?

A. Assess the likelihood and magnitude of the associated risk.
B. Identify mitigation activities and compensating controls.
C. Notify senior compliance executives of the associated risk.
D. Determine the penalties for lack of compliance.

Correct Answer: A