Certified in Risk and Information Systems Control (CRISC) — Question 112

Who is the MOST appropriate owner for newly identified IT risk?

Answer options

• A. The manager responsible for IT operations that will support the risk mitigation efforts
• B. The individual with the most IT risk-related subject matter knowledge
• C. The individual with authority to commit organizational resources to mitigate the risk
• D. A project manager capable of prioritizing the risk remediation efforts

Correct answer: C

Explanation

The correct answer is C because the individual with the authority to allocate resources is crucial for effective risk mitigation. While options A, B, and D may contribute valuable insights or support, they lack the necessary authority to implement solutions, making them less suitable as risk owners.