Certified in Risk and Information Systems Control (CRISC) — Question 356

Who should be responsible for strategic decisions on risk management?

Answer options

• A. Audit committee
• B. Executive management team
• C. Chief information officer (CIO)
• D. Business process owner

Correct answer: B

Explanation

The executive management team is best positioned to make strategic decisions on risk management because they have a comprehensive understanding of the organization's overall objectives and resources. While the audit committee, CIO, and business process owner play important roles, they are more focused on oversight, technology, and specific processes, respectively, rather than on the broader strategic direction.