Certified in Risk and Information Systems Control (CRISC) — Question 453

The PRIMARY reason for defining risk ownership in an organization is to ensure:

Answer options

• A. responsibility for risk treatment
• B. accountability for risk management
• C. responsibility for risk assessments
• D. accountability for risk register updates

Correct answer: B

Explanation

The correct answer is B because assigning accountability for risk management ensures that someone is responsible for overseeing and guiding the organization's approach to risk. The other options, while important, focus on specific aspects of risk handling rather than the overarching accountability that drives effective risk management.