Certified in Risk and Information Systems Control (CRISC) — Question 1408

Which of the following is a responsibility of the second line of defense in the three lines of defense model?

Answer options

• A. Owning risk scenarios and bearing the consequences of loss
• B. Alerting operational management to emerging issues
• C. Implementing corrective actions to address deficiencies
• D. Performing duties independently to provide assurance

Correct answer: B

Explanation

The correct answer is B because the second line of defense is responsible for monitoring and alerting management about potential risks and issues. Options A and C are more aligned with the first line's responsibilities, while D pertains to the third line's role of providing independent assurance.