Exam CRISC
Question 174

Which of the following would require updates to an organization's IT risk register?

    Correct Answer: A

    The discovery of an ineffectively designed key IT control would require updates to an organization's IT risk register. This is because an ineffectively designed key IT control represents a potential risk to the organization, and it needs to be formally acknowledged and managed within the IT risk register. The IT risk register is a tool for documenting identified risks, along with their impact, likelihood, and control measures, which makes it essential to update the register with this new information.

Discussion
mraiyan Option: A

Agree with "A". However, the question must be reworded to be "Which of the following would MOST require updates to an organization's IT risk register?" as most of the options (except option C) would impact the content of the risk register.

john_boogieman Option: A

Agree.

Suchib Option: A

Sorry, I got it. It's not talking about audit findings but audit completion status. Hence A is the right answer.

Suchib Option: D

Why not its audit, as the audit findings should go into the risk register.

reverse01

Because the completion of an internal audit may lead to updates if the audit identifies new risks, changes in existing risks, or issues with current controls. However, the audit's completion itself does not automatically necessitate an update; it is the findings from the audit that might require changes to the risk register.