Certified in Risk and Information Systems Control (CRISC) — Question 158

Who is MOST likely to be responsible for the coordination between the IT risk strategy and the business risk strategy?

Answer options

• A. Information security director
• B. Internal audit director
• C. Chief information officer
• D. Chief financial officer

Correct answer: C

Explanation

The Chief Information Officer (CIO) is typically responsible for the integration of IT strategies with business objectives, making them the most suitable candidate for coordinating IT risk with business risk. The Information Security Director and Internal Audit Director focus more on specific areas of risk, while the Chief Financial Officer mainly deals with financial aspects rather than IT risk coordination.