Certified in Risk and Information Systems Control Exam Questions

Isaca

Certified in Risk and Information Systems Control

141 / 500

Question 141:

Which of the following is true for risk evaluation?

Answer options:

A. Risk evaluation is done only when there is significant change.
B. Risk evaluation is done once a year for every business processes.
C. Risk evaluation is done annually or when there is significant change.
D. Risk evaluation is done every four to six months for critical business processes.

Add to favourites