CRISC Risk and Control Monitoring and Reporting

Question 1

What is the primary purpose of continuous risk monitoring in CRISC?

Accepted Answer

To detect changes in the risk environment and verify that controls remain effective over time

Answer

Continuous risk monitoring ensures that the organization maintains awareness of its risk profile and quickly identifies when new risks emerge or existing controls degrade.

Question 2

What is a Key Risk Indicator (KRI)?

Accepted Answer

A metric that provides early warning signals of increasing risk exposure

Answer

KRIs are forward-looking metrics designed to signal when risk levels are trending toward or beyond acceptable thresholds before an incident occurs.

Question 3

How does a KRI differ from a Key Performance Indicator (KPI)?

Accepted Answer

KRIs indicate potential future risk exposure; KPIs measure current control and process performance

Answer

KRIs are predictive, warning of emerging risks, while KPIs are diagnostic, measuring how well current controls and processes are performing.

Question 4

What information should a risk report to senior management typically include?

Accepted Answer

Current risk status, changes since last reporting period, KRI trends, and recommendations for action

Answer

Executive risk reports should summarize the risk landscape in business terms, highlight changes and trends, and provide actionable recommendations.

Question 5

What is the purpose of a control self-assessment (CSA)?

Accepted Answer

To allow process owners to evaluate the effectiveness of controls over their own activities

Answer

CSA empowers process owners to assess whether controls in their area are operating effectively, promoting ownership and often uncovering issues before formal audits.

CRISC - Certified in Risk and Information Systems Control Practice Test

CRISC - Certified in Risk and Information Systems Control Practice Test

CRISC Risk and Control Monitoring and Reporting