Measurability and consistency are the most essential attributes of an effective key control indicator (KCI), because they ensure that the KCI can be quantified, compared, and reported over time. A KCI should be able to measure the performance or effectiveness of a control in mitigating a risk and provide consistent results across different periods, sources, and methods. The other options are not the most essential attributes, although they may also be desirable for a KCI. Flexibility and adaptability are not the most essential attributes, because they may compromise the reliability and comparability of the KCI. Robustness and resilience are not the most essential attributes, because they are more relevant for the control itself, not the KCI. Optimal cost and benefit are not the most essential attributes, because they are more related to the value and feasibility of the KCI, not the quality and accuracy of the KCI. References = ISACA Certified in Risk and Information Systems Control (CRISC) Certification Exam Question and Answers

The average time to provision user accounts is the most useful indicator to measure the efficiency of an identity and access management (IAM) process, because it reflects how quickly and smoothly the process can grant access to the appropriate users. The average time to provision user accounts can be calculated by dividing the total time spent on provisioning user accounts by the number of user accounts provisioned in a given period. A lower average time indicates a more efficient IAM process, as it means that users can access the resources they need without unnecessary delays or errors. A higher average time may indicate problems or bottlenecks in the IAM process, such as manual steps, complex workflows, lack of automation, or insufficient resources. The average time to provision user accounts can also be compared across different applications, systems, or business units to identify areas for improvement or best practices. The other options are less useful indicators to measure the efficiency of an IAM process. The number of tickets for provisioning new accounts shows the demand for the IAM process, but not how well the process meets the demand. The password reset volume per month shows the frequency of password-related issues, but not how effectively the IAM process handles them. The average account lockout time shows the impact of account lockouts on user productivity, but not how efficiently the IAM process prevents or resolves them. References = Top Identity and Access Management Metrics

is incorrect. CFO is the most senior official 0f the enterprise who is accountable for financial planning, record keeping, investor relations and financial risks. CFO is not responsible for responsible for setting up the risk governance process, establishing and maintaining a common risk view, making risk-aware business decisions, and setting the enterprise's risk culture. Answer: C is incorrect. Human resource is the most senior official of an enterprise who is accountable for planning and policies with respect to all human resources in that enterprise. HR is not responsible for risk related activities.

Section: Volume D

According to the 10 Tips for Secure Online Transactions - SmartAsset article, multi-factor authentication is a security measure that requires users to provide more than one piece of evidence to verify their identity when logging in to an online account. For example, users may need to enter a password and a code sent to their phone or email, or use a biometric feature such as a fingerprint or a face scan. Multi-factor authentication can help secure online financial transactions from improper users, as it makes it harder for hackers to access the account even if they have the password. Multi-factor authentication can also alert users to any suspicious login attempts and prevent unauthorized transactions. References = 10 Tips for Secure Online Transactions - SmartAsset