Certified in Risk and Information Systems Control (CRISC) — Question 534

Which of the following is the MOST important concern when assigning multiple risk owners for an identified risk?

Answer options

• A. Risk ratings may be inconsistently applied.
• B. Accountability may not be clearly defined.
• C. Different risk taxonomies may be used.
• D. Mitigation efforts may be duplicated.

Correct answer: B

Explanation

The main issue with having multiple risk owners is that accountability can become unclear, leading to confusion over who is responsible for managing the risk. While inconsistent risk ratings, varying taxonomies, and duplicated efforts are valid concerns, they are secondary to the critical need for clear accountability in risk management.