Certified in Risk and Information Systems Control (CRISC) — Question 315

Which of the following is the MOST important foundational element of an effective three lines of defense model for an organization?

Answer options

• A. A well-established risk management committee
• B. A robust risk aggregation tool set
• C. Well-documented and communicated escalation procedures
• D. Clearly defined roles and responsibilities

Correct answer: D

Explanation

Clearly defined roles and responsibilities are essential as they ensure that everyone in the organization understands their specific duties in the risk management process. While a risk management committee, risk aggregation tools, and escalation procedures are important, they are secondary to the need for clarity in roles, which directly impacts accountability and effectiveness.