Professional Documents
Culture Documents
Session 4 - CRISC Exam Prep Course - Domain 4 - Risk and Control Monitoring and Reporting PDF
Session 4 - CRISC Exam Prep Course - Domain 4 - Risk and Control Monitoring and Reporting PDF
SESSION 4
Job Practice
34. Risk monitoring tools and KRIs can be monitored both manually and through
techniques automation, based on what data is available, how it is
secured and in what format the data exists.
Impact Indicators of risk with high business impact are more likely to be
KRIs.
22. Data collection and A KRIs effectiveness is based on its ability to predict
extraction tools and changes in trends that give rise to risk, so data
techniques collection and extraction are critical components.
24. Characteristics of The KRI monitors residual risk, alerting risk owners of
inherent and residual any positive or negative variances.
risk
32. Key risk indicators A KRI is an indicator with the greatest ability to warn
(KRIs) of changes or trends in the IT risk profile.
34. Risk monitoring tools KRIs that utilize data from automated and properly
and techniques configured security monitoring and analytic tools
provide management a greater level of assurance, as
compared to manual assessment methods.
Changes to Changes in
New Mergers or New or revised
business customer
technologies acquisitions regulations
procedures expectations
39. Control monitoring and Automated and properly configured control monitoring
reporting tools and and reporting tools are used to validate the
techniques performance of KPIs.
41.4 Control activities, The CRISC assists the control owner in the
objectives, practices development of control procedures to ensure the
and metrics related to effectiveness and efficiency of how data is created,
transmitted, stored and disposed of.
data management
41.5 Control activities, The CRISC assists the control owner in the
objectives, practices development of control procedures to ensure the
and metrics related to effectiveness and efficiency of how systems and
software are developed/acquired, tested,
the system
implemented, maintained and disposed of.
development life cycle
(SDLC)
41.6 Control activities, The CRISC assists the control owner in the
objectives, practices development of control procedures to ensure the
and metrics related to effectiveness and efficiency of how programs and
projects are initiated, approved, executed, closed and
project and program
assessed.
management
41.9 Control activities, objectives, The CRISC assists the control owner in the
practices and metrics development of control procedures to ensure the
related to the information effectiveness and efficiency of IT Architecture
systems architecture (e.g., including platforms, networks, applications,
platforms, networks, databases and operating systems.
applications, databases and
operating systems)
29. Systems control design Control assessments are designed to measure the
and implementation, effectiveness of one of more controls.
including testing
methodologies and
practices