Certified in Risk and Information Systems Control (CRISC) — Question 238

A risk owner should be the person accountable for:

Answer options

• A. implementing actions
• B. managing controls
• C. the risk management process
• D. the business process

Correct answer: A

Explanation

The risk owner is primarily responsible for implementing actions to mitigate risks, making option A the correct choice. Options B and C focus on managing controls and the overall risk management process, which are important but not the direct responsibility of the risk owner. Option D pertains to the business process, which is broader and not specifically related to risk ownership.