-
Book Overview & Buying
-
Table Of Contents
ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide
By :
Testing the effectiveness and efficacy of a control is as important as implementing them. A risk practitioner should ensure that implemented controls are tested and evaluated periodically to ensure that they are still relevant and advise the risk owner in case of any gaps that have occurred since the initial implementation. The responsibility to determine the efficacy of controls periodically relies on the control owner. Control testing can be either progressive or regressive. Progressive testing begins with the requirements and looks for flaws, whereas regressive testing works backward from the expectations of the results and known issues to identify causes.
The following are some of the best practices for effectively evaluating controls:
Change the font size
Change margin width
Change background colour