Certified in Risk and Information Systems Control (CRISC) — Question 440

Which of the following is the PRIMARY accountability for a control owner?

Answer options

• A. Ensure the control operates effectively.
• B. Identify and assess control weaknesses.
• C. Own the associated risk the control is mitigating.
• D. Communicate risk to senior management.

Correct answer: A

Explanation

The primary accountability of a control owner is to ensure that the control operates effectively, which is fundamental for managing risks. While identifying weaknesses, owning risks, and communicating to management are important, they are secondary to the effective operation of the control itself.