Certified in Risk and Information Systems Control (CRISC) — Question 373

Which of the following is the PRIMARY risk management responsibility of the second line of defense?

Answer options

• A. Applying risk treatments
• B. Providing assurance of control effectiveness
• C. Implementing internal controls
• D. Monitoring risk responses

Correct answer: D

Explanation

The correct answer is D because the second line of defense is primarily tasked with overseeing and monitoring how risks are managed and ensuring that risk responses are effective. Options A and C refer to actions typically taken by the first line of defense, while B relates more to the third line of defense's role in providing assurance.