Which process includes developing a strategy to regularly evaluate I&T-related controls/metrics, recording and evaluating I&T-related events, recording changes to I&T-related controls, and communicating the current risk and control status to enable information-sharing decisions involving the enterprise?


Multiple Choice


The correct answer is continuous risk and control monitoring, which maintains an ongoing view of IT risk and of how effective the controls are. It involves developing a strategy to regularly evaluate I&T-related controls and their metrics, recording and evaluating events that signal risk, tracking changes to controls as they occur, and communicating the current risk and control status so that the enterprise can share information and make decisions on a current picture. This distinguishes it from a risk register, which is only a repository of identified risks; from a KPI, which is a single performance metric; and from a penetration test, which is a one-off security assessment. Continuous monitoring is the only option that covers every activity the question describes.
