Exam CRISC topic 1 question 913 discussion

A. Segregation of duties Segregation of duties ensures that no single individual has control over all aspects of any critical transaction. By segregating duties, it ensures that an independent person reviews the test results, making it less likely for fraud, errors, or other malicious activities to go undetected. This separation provides an additional layer of integrity to the process of evaluating control effectiveness.

C, page 66 of manual "third line of defense consist of gaining the appropriate level of assurance to senior mgmt and the governing body through INDEPENDENT and OBJECTIVE reviews"

Agree it is C. With the three lines of defense you have internal audit that perform test of design or test of operational effectiveness. With D, QA is good to have, but they are not guaranteed to be testing in a 100% independent manner, nor testing controls specific points.

its either C or D in my opinion.

Error, 'B', reason: A compliance review is a type of audit that focuses on assessing the organization's compliance with regulatory requirements, internal policies, and industry standards. Compliance reviews are typically conducted by independent auditors who are not involved in the day-to-day operations of the organization and who have no vested interest in the outcome of the review. This independence allows for a completely objective and unbiased evaluation of control effectiveness. The Three Lines of Defense model, on the other hand, is a risk management framework that delineates the responsibilities of different functions within an organization for managing risk. While the model does emphasize the importance of independence and accountability, it is not specifically designed to facilitate a completely independent review of test results.

Agree.

Looks correct. See R3-115.