A large organization recently restructured the IT department and has decided to outsource certain functions. What action should the control owners in the IT department take?
A.
Determine whether risk responses still effectively address risk.
B.
Conduct risk classification for associated IT controls.
When functions are outsourced, the risk landscape changes, and it is important for control owners to assess whether the current risk responses are still appropriate for the new structure and outsourcing arrangements. Outsourcing can introduce new risks or change the nature of existing ones, so ensuring that the risk responses (controls, processes, etc.) are still effective is a critical first step
first Determine whether risk responses still effectively address risk, if they are not addressing the risk, then Analyze and update IT control assessments.
upvoted 2 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Sara98
1 month, 2 weeks agolferolm
4 months, 2 weeks ago