Certified in Risk and Information Systems Control (CRISC) — Question 197
A risk manager has determined there is excessive risk with a particular technology. Who is the BEST person to own the unmitigated risk of the technology?
Answer options
- A. Business process owner
- B. Chief financial officer (CFO)
- C. Chief risk officer (CRO)
- D. IT system owner
Correct answer: A
Explanation
The Business process owner is best suited to take ownership of the unmitigated risk because they have the most direct control and understanding of how the technology impacts their operations. The Chief financial officer (CFO), Chief risk officer (CRO), and IT system owner may be involved in risk management but are not directly responsible for the specific operational risks associated with that technology.