Certified in Risk and Information Systems Control (CRISC) — Question 314
Several newly identified risk scenarios are being integrated into an organization's risk register. The MOST appropriate risk owner would be the individual who:
Answer options
- A. is accountable for loss if the risk materializes.
- B. is in charge of information security.
- C. is responsible for enterprise risk management (ERM).
- D. can implement remediation action plans.
Correct answer: A
Explanation
The correct answer is A because the risk owner should be the person who is accountable for any losses if the risk materializes. Option B pertains to security oversight, option C relates to overall risk management, and option D focuses on action implementation, but none of these roles carries the same accountability for losses as option A.