Isaca Updated CRISC Exam Questions and Answers by julian

A purchase order approval process is a set of procedures that companies use to authorize the purchase of goods or services from suppliers1. This process typically involves multiple levels of approvals, ensuring that purchases are compliant with company regulations and policies, and within budget limitations1. Sometimes, a department may be granted an exception to bypass the existing approval process for purchase orders, for example, due to urgency, emergency, or special circumstances2. However, such exceptions should not compromise the effectiveness and integrity of the purchase order approval process, and should be properly documented and justified2. Therefore, the risk practitioner should verify that the exception has been approved by senior management, as they are ultimately responsible for setting and overseeing the purchase order approval process, and for ensuring that the exceptions are reasonable and aligned with the company’s objectives and risk appetite3. Internal audit is not the correct answer, as they are not involved in approving the purchase order approval process or its exceptions. Internal audit’s role is to provide independent assurance and advice on the adequacy and effectiveness of thepurchase order approval process and its controls, and to report any issues or recommendations for improvement4. Control owner is not the correct answer, as they are not involved in approving the purchase order approval process or its exceptions. Control owner’s role is to design, implement, and operate the controls that support the purchase order approval process, and to monitor and report on the performance and compliance of the controls5. Risk manager is not the correct answer, as they are not involved in approving the purchase order approval process or its exceptions. Risk manager’s role is to identify, assess, and mitigate the risks associated with the purchase order approval process, and to communicate and report on the risk status and issues6. References = 1: A Step-by-Step Guide to a Purchase Order Approval Process2: Purchase Order Exceptions | Fordham3: Purchase Order (PO) Approval Process and Approval Workflow - ProcureDesk4: IT Risk Resources | ISACA5: CRISC Resources [updated 2021] | Infosec6: Riskand Information Systems Control Study Manual, Chapter 4: Risk and Control Monitoring and Reporting, Section 4.2: Risk Monitoring, pp. 189-191.

Service level agreements (SLA) are contracts that define the expected level of performance and quality of service that an IT service provider will deliver to its customers. SLA are the best indicators that an organization has implemented IT performance requirements, as they specifythe measurable and verifiable criteria that the IT service provider must meet or exceed, such as availability, reliability, security, and responsiveness. SLA also establish the roles and responsibilities of the parties involved, the methods of monitoring and reporting the service performance, and the consequences of non-compliance or breach of the agreement. References = ISACA Certified in Risk and Information Systems Control (CRISC) Certification Exam Question and Answers, Question 232. CRISC by Isaca Actual Free Exam Q&As, Question 9. CRISC Sample Questions 2024, Question 232. CRISC: Certified in Risk & Information Systems Control Sample Questions, Question 232.

The risk practitioner shouldfirst review the methodology of the BIAbecause the BIA identifies critical processes and the impacts of disruptions. This ensures that any identified risks are grounded in reliable, updated business impact data.

===========

According to the CRISC Review Manual1, data selection is the process of choosing the appropriate data sources and variables for data analysis. Data selection is the most critical step in data analytics, as it determines the quality and validity of the results and insights derived from the analysis. Incorrect data selection is the greatest risk associated with the use of data analytics, as it can lead to inaccurate, incomplete, irrelevant, or biased outcomes that can adversely affectthe decision making and performance of the organization. Incorrect data selection can also cause legal, regulatory, ethical, or reputational issues for the organization, if the data used for analysis is not authorized, reliable, or compliant. References = CRISC Review Manual1, page 255.