CHAPTER 9

Measuring Risk and Control Effectiveness

In this chapter, you will:

•  Learn how to measure various aspects of risk and control related to business processes and effectiveness within different organizational contexts.

This chapter reviews real-world examples of metrics designed to measure risk and control effectiveness. The following are the CRISC exam objectives from Domain 4 that we’ll review and apply within this chapter:

•  4.2 Monitor and analyze key risk indicators (KRIs) to identify changes or trends in the IT risk profile.

•  4.3 Report on changes or trends related to the IT risk profile to assist management and relevant stakeholders in decision making.

•  4.4 Facilitate the identification of metrics and key performance ...

Get CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide now with O’Reilly online learning.