Measuring Risk and Control Effectiveness
In this chapter, you will:
• Learn about how to measure various aspects of risk and control related to business processes and effectiveness within different organizational contexts.
This chapter reviews real-world examples of metrics designed to measure the risk and control effectiveness. The following are the CRISC exam objectives from Domain 4 that we’ll review and apply within this chapter:
• 4.2 Monitor and analyze key risk indicators (KRIs) to identify changes or trends in the IT risk profile.
• 4.3 Report on changes or trends related to the IT risk profile to assist management and relevant stakeholders in decision making.
• 4.4 Facilitate the identification of metrics and key performance ...