Certified in Risk and Information Systems Control (CRISC) — Question 908
A risk practitioner has collaborated with subject matter experts from the IT department to develop a large list of potential key risk indicators (KRIs) for all IT operations within the organization. Of the following, who should review the completed list and select the appropriate KRIs for implementation?
Answer options
- A. IT security managers
- B. IT auditors
- C. IT risk owners
- D. IT control owners
Correct answer: C
Explanation
IT risk owners are best placed to review the list and select the appropriate KRIs for implementation, because they are responsible for managing risks within the IT environment. IT security managers, IT auditors, and IT control owners may have valuable insights, but they do not have the primary accountability for risk selection and management.