Certified in Risk and Information Systems Control (CRISC) — Question 278

Which of the following roles would provide the MOST important input when identifying IT risk scenarios?

Answer options

• A. Operational risk managers
• B. Internal auditors
• C. Information security managers
• D. Business process owners

Correct answer: D

Explanation

Business process owners have the best understanding of the processes and potential risks involved, making their input invaluable for identifying IT risk scenarios. While operational risk managers, internal auditors, and information security managers provide important oversight, they may not possess the same level of detail about specific business processes as business process owners do.