Which of the following is the BEST method to identify unnecessary controls?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
The BEST method to identify unnecessary controls is to evaluate the impact of removing existing controls. This is because evaluating the impact of removing existing controls will help an organization determine whether a control is necessary or not. If the removal of a control has no impact on the organization's ability to manage risks or achieve its objectives, then that control can be considered unnecessary.
Evaluating existing controls against audit requirements may not be the best method to identify unnecessary controls because audit requirements may not necessarily align with an organization's risk management objectives. It is possible for an organization to have controls that are not required by audit standards but are necessary for managing risks.
Reviewing system functionalities associated with business processes may also not be the best method to identify unnecessary controls because system functionalities may not always directly correspond to controls. Additionally, not all controls may be associated with specific system functionalities.
Monitoring existing key risk indicators (KRIs) can be a useful method to identify risks that need to be managed, but it may not be the best method to identify unnecessary controls. KRIs can help identify risks that are not being adequately managed, but they may not provide enough information to determine whether a control is unnecessary.
In conclusion, evaluating the impact of removing existing controls is the BEST method to identify unnecessary controls as it helps an organization determine whether a control is necessary or not based on the organization's risk management objectives.