Which of the following is MOST useful for this purpose?

An IT risk practitioner has been asked to regularly report on the overall status and effectiveness of the IT risk management program.

Which of the following is MOST useful for this purpose?
A . Capability maturity level
B . Balanced scorecard
C . Control self-assessment (CSA)
D . Internal audit plan

View Answer

Answer: B