Certified in Risk and Information Systems Control (CRISC) — Question 966

Of the following, who is responsible for approval when a change in an application system is ready for release to production?

Answer options

• A. Business owner
• B. Information security officer
• C. Chief risk officer (CRO)
• D. IT risk manager

Correct answer: A

Explanation

The business owner is the individual accountable for approving changes to the application system since they understand the business needs and impacts. The information security officer focuses on safeguarding data, while the chief risk officer and IT risk manager deal with broader risk management and may not have the final say on specific application changes.