Exam CIS-RC topic 1 question 22 discussion

https://docs.servicenow.com/ja-JP/bundle/tokyo-governance-risk-compliance/page/product/grc-audit/concept/audit-management.html

Please ignore the previous response. In Audit management process, the control tests performs a design and/or operation test to determine the overall effectiveness of a control

D: The ServiceNow Policy and Compliance Management product provides a centralized process for creating and managing policies, standards, and internal control procedures that are cross-mapped to external regulations and benchmarks. Additionally, the application provides structured workflows for the identification, assessment, and continuous monitoring of control activities. A: The Audit Management automates the work streams of internal audit teams, optimizing resources and productivity, and eliminating recurring audit findings. Audit Management uses compliance and risk data to scope, plan, and prioritize audit engagements. The on-going review of policies and procedures, risks, and control breakdowns provide an opportunity for fixing issues before they become audit failures.

D is correct.

D is correct. Policy and Compliance Management manages the process. Not Audit management.

Policy and Compliance Management, but I thought it would have been Risk Management, which includes functionality to measure control effectiveness? From the textbook: "create the manual factor for Control Effectiveness, which calculates the control effectiveness score on the Control Effectiveness Assessment"(pg 243)? More on the process, here: https://docs.servicenow.com/bundle/vancouver-governance-risk-compliance/page/product/grc-risk/task/c... Alternatively, this link shows how audit management also can measure control test effectiveness https://docs.servicenow.com/bundle/tokyo-governance-risk-compliance/page/product/grc-audit/concept/i... Seems like it can really go either way

D is correct