Certified in Risk and Information Systems Control (CRISC) — Question 920

Which of the following is MOST important to ensure when reviewing an organization's risk register?

Answer options

• A. Vulnerabilities have separate entries.
• B. Control ownership is recorded.
• C. Risk ownership is recorded.
• D. Residual risk is less than inherent risk.

Correct answer: C

Explanation

The correct answer is C because documenting risk ownership is vital for accountability and effective risk management. Options A, B, and D, while important, do not directly address the essential need for clarity on who is responsible for managing specific risks.