Certified in Risk and Information Systems Control (CRISC) — Question 132

Who is at the BEST authority to develop the priorities and identify what risks and impacts would occur if there were loss of the organization's private information?

Answer options

• A. External regulatory agencies
• B. Internal auditor
• C. Business process owners
• D. Security management

Correct answer: C

Explanation

The Business process owners are best suited to identify risks and impacts related to the loss of private information because they possess in-depth knowledge of the processes involved. While external regulatory agencies and internal auditors play important roles, they do not have the direct insight into the specific business operations that process owners do. Security management focuses on protecting data but may not prioritize it as effectively as the owners of the business processes.