In the three lines of defense model, which of the following activities would be completed by the FIRST line of defense?

A. A risk practitioner executes an annual assessment of key controls that impact financial statements

B. Internal control activities are reviewed monthly by a risk management committee

C. Control owners review a monthly report on the operation of high-risk controls

D. Internal audit reviews high-risk areas to ensure controls are executed in a timely manner








 

Suggested Answer: B



This question is in CRISC exam 
For getting Risk and Information Systems Control Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by ISACA.
The website does not contain actual questions and answers from ISACA's Certification Exams.
Trademarks, certification & product names are used for reference only and belong to ISACA.