Certified in Risk and Information Systems Control (CRISC) — Question 904

Which of the following is the PRIMARY responsibility of a risk owner?

Answer options

• A. Determining risk appetite and tolerance
• B. Developing relevant control procedures
• C. Deciding responses to identified risk
• D. Implementing risk action plans

Correct answer: C

Explanation

The correct answer is C because a risk owner's primary role is to decide how to address identified risks effectively. Options A and B are important aspects of risk management but are not the direct responsibilities of a risk owner. Option D, while related, falls under the execution of plans rather than the strategic decision-making involved in response selection.