Certified in Risk and Information Systems Control (CRISC) — Question 311

An organization has introduced risk ownership to establish clear accountability for each process. To ensure effective risk ownership, it is MOST important that:

Answer options

• A. risk owners have decision-making authority.
• B. senior management has oversight of the process.
• C. segregation of duties exists between risk and process owners.
• D. process ownership aligns with IT system ownership.

Correct answer: A

Explanation

The correct answer is A because risk owners must have the authority to make decisions regarding the risks they manage to ensure accountability and timely responses. While oversight by senior management (B) and segregation of duties (C) are important, they do not directly empower risk owners. Alignment of process ownership with IT system ownership (D) is relevant but not the most critical factor for effective risk ownership.