Q: 12
Which of the following is MOST important for maintaining the effectiveness of an IT risk register?
Options
Discussion
Option D You need those regular reviews and updates, otherwise the register gets stale fast.
Why does ISACA always word these to make you second guess? Every practice I see points to D as being the real key for effectiveness, but the other choices aren't exactly wrong either.
Probably D is best here, as regular reviews and updates keep the risk register accurate and useful over time. If you skip that, even if other entries are current, the register loses relevance fast. Seen similar logic in practice tests-open to other thoughts but pretty sure.
B or D? Had something like this in a mock. Picked B because tracking risk response plans seems central to keeping the register actionable, but not totally sure that's what they're after here.
D is the way to go here. Regular reviews and updates make sure the risk register stays current as new risks pop up or things change in IT. If you skip this, even well-documented risks can become outdated and useless fast. Pretty sure ISACA expects that ongoing update process, but happy to hear arguments for B if anyone disagrees!
D , since without regular updates the whole register loses value fast. Pretty basic risk management best practice.
Regular reviews (D) stand out to me, since that's what keeps the risk register relevant as things change. Without updates, it gets outdated fast. Pretty sure that's what ISACA wants here, but open to hearing other takes.
I'd say B, since tracking response plans feels key to managing the register. Pretty sure that's what keeps actions moving.
Be respectful. No spam.
