Exam CRISC topic 1 question 408 discussion

Answer should be D. The control is ineffective and linked to multiple low risks so there is potential of ineffective control to increase the risk when aggregated. So reevaluation of risk seems like a best fit here.

The question does not emphasize if the level of residual risk (even it is a low residual risk) is acceptable for the organization or not. If it is unacceptable, we would go with option "A". However, to know if the mentioned risks are acceptable or not (in order to take the decision); you have to reassess. Most times, in such questions, you have to evaluate then decide.

When a risk practitioner identifies an ineffective control that is linked to several low residual risk scenarios, it is important to re-evaluate the risk scenarios to ensure their accuracy and validity.

Agree with D.

Of course.

For low risk mitigation is not best option. Will go with D

D sounds best since the residual risk needs to be re-evaluated

The emphasis is on "ineffective control that links to several low residual risk scenarios." Meaning the controls may not be providing the true picture of the risks, being false positive. I will go for "D"

Why this answer is A where the risks are low? If the risks are low under the acceptable level then management just need to accept this risk or they might need to re-evaluate the scenarios so the answer would be either C of D. Thoughts???