Which of the following is the PRIMARY reason to have the risk management process reviewed by a third party?
A . Obtain an objective view of process gaps and systemic errors.
B . Ensure the risk profile is defined and communicated.
C . Validate the threat management process.
D . Obtain objective assessment of the control environment.
Answer: A