What should be done to prevent the efficiency and effectiveness of controls due to these changes?

You are the product manager in your enterprise. You have identified that new technologies,
products and services are introduced in your enterprise time-to-time. What should be done to
prevent the efficiency and effectiveness of controls due to these changes?

You are the product manager in your enterprise. You have identified that new technologies,
products and services are introduced in your enterprise time-to-time. What should be done to
prevent the efficiency and effectiveness of controls due to these changes?

A.
Receive timely feedback from risk assessments and through key risk indicators, and update
controls

B.
Add more controls

C.
Perform Business Impact Analysis (BIA)

D.
Nothing, efficiency and effectiveness of controls are not affected by these changes

Explanation:

As new technologies, products and services are introduced, compliance requirements become
more complex and strict; business processes and related information flows change over time.
These changes can often affect the efficiency and effectiveness of controls. Formerly effective
controls become inefficient, redundant or obsolete and have to be removed or replaced.
Therefore, the monitoring process has to receive timely feedback from risk assessments and
through key risk indicators (KRIs) to ensure an effective control life cycle.
Answer D is incorrect. Efficiency and effectiveness of controls are not affected by the changes in
technology or product, so some measure should be taken.
Answer B is incorrect. Most of the time, the addition of controls results in degradation of the
efficiency and profitability of a process without adding an equitable level of corresponding risk
mitigation, hence better controls are adopted in place of adding more controls.
Answer C is incorrect. A BIA is a discovery process meant to uncover the inner workings of any
process. It helps to identify about actual procedures, shortcuts, workarounds and the types of
failure that may occur. It involves determining the purpose of the process, whoperforms the
process and its output. It also involves determining the value of the process output to the
enterprise.



Leave a Reply 0

Your email address will not be published. Required fields are marked *