Certified in Risk and Information Systems Control (CRISC) — Question 1268

Who should be responsible for approving the cost of controls to be :mplemented for mitigating risk?

Answer options

• A. Risk owner
• B. Control implementer
• C. Control owner
• D. Risk practitioner

Correct answer: A

Explanation

The risk owner is the individual who has the authority to approve the costs related to risk mitigation controls, as they are ultimately responsible for managing the risk. The control implementer and control owner may have roles in executing or overseeing these controls, but they do not have the final say on cost approval. The risk practitioner may provide insights and recommendations but is not responsible for financial decisions regarding controls.