ExamTopics Logo
Mail Usteam@examtopics.com
Menu
Isaca Discussions
exam questions

Exam CRISC All Questions

View all questions & answers for the CRISC exam
Go to Exam

Exam CRISC topic 1 question 1224 discussion

Actual exam question from Isaca's CRISC
Question #: 1224
Topic #: 1
[All CRISC Questions]

A recent change in accounting policy has the potential to impact a known risk related to an organization's financial software. Which of the following should the risk practitioner do FIRST?

  • A. Analyze and update the risk register as needed.
  • B. Conduct software testing for required code updates.
  • C. Analyze and update associated control assessments.
  • D. Determine whether the risk response is still adequate.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
Community vote distribution
D (63%)
A (38%)
by Jco at Nov. 24, 2022, 7:30 a.m.

Comments

Chosen Answer:
This is a voting comment. You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mynk29
3 months, 4 weeks ago
Selected Answer: D
You perform the assessment first and then update the register. D it is.
upvoted 1 times
...
[Removed]
4 months, 1 week ago
Selected Answer: A
risk response is included in the risk register. by analyzing the register (inclusive of risk response) you're effectively checking to see if the response is accurate and updating it, if needed.
upvoted 1 times
[Removed]
4 months, 1 week ago
sorry this question says FIRST rather than BEST. Im going with D
upvoted 1 times
...
...
CbtL
4 months, 2 weeks ago
Selected Answer: D
Agree with D. First check to see if more mitigation is warranted, then update per A.
upvoted 1 times
...
ldl
5 months, 1 week ago
Selected Answer: A
i would go with A. as D would be covered in A.
upvoted 2 times
...
Koulyo
5 months, 2 weeks ago
i would go with A. same as blokey
upvoted 1 times
Koulyo
5 months ago
Change to D. its true that D is covered in A, but i think the tester wants to know more details as to what is done or what is there to analyze.
upvoted 2 times
...
...
john_boogieman
6 months, 4 weeks ago
Selected Answer: D
Agree.
upvoted 3 times
Koulyo
5 months ago
Please justify.
upvoted 1 times
...
...
Jco
9 months, 3 weeks ago
The key word is - "to impact a known risk". Hence the answer is correct to first validate if existing control is adequate.
upvoted 3 times
blokey
9 months, 2 weeks ago
It says "potential" though so you have to analyze first if it ACTUALLY IMPACTS the known risk. If it doesn't impact then who cares.
upvoted 1 times
CbtL
4 months, 2 weeks ago
D is effectively an analysis, though.
upvoted 1 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
PT0-002
Tokyo, 1 minute ago