Certified in Risk and Information Systems Control (CRISC) — Question 936

Which of the following roles should be assigned accountability for monitoring risk levels?

Answer options

• A. Business manager
• B. Risk owner
• C. Control owner
• D. Risk practitioner

Correct answer: B

Explanation

The Risk owner is the individual accountable for identifying, assessing, and monitoring risks within an organization. While a Business manager, Control owner, and Risk practitioner may have roles related to risk management, they do not hold the primary responsibility for monitoring risk levels.