CRISC - Risk Response and Reporting - Section 3.8
Test controls and evaluate their effectiveness in reducing risk to an acceptable level.
Test controls and evaluate their effectiveness by assessing both design effectiveness - whether the control is capable of meeting its objective - and operating effectiveness - whether it is actually working as designed over time. Use assurance results to determine whether residual risk remains within acceptable thresholds.
Control testingControl effectivenessDesign vs operating effectivenessAssurance
More in this domain
Back to all Risk Response and Reporting objectives, or the CRISC cert hub.
Examworthy is not affiliated with or endorsed by ISACA. Original, blueprint-aligned practice material only.