Certified in Risk and Information Systems Control (CRISC) — Question 1368

Who is BEST suited to own an IT risk scenario in an organization where only one IT support person knows how to maintain a core business application?

Answer options

• A. Business owner
• B. IT manager
• C. Application business analyst
• D. Risk manager

Correct answer: A

Explanation

The Business owner is best suited to own the risk scenario because they have the ultimate accountability for the business operations and outcomes. The IT manager, application business analyst, and risk manager may have important roles, but they do not have the same level of authority and responsibility for the core business application as the Business owner.