Certified in Risk and Information Systems Control (CRISC) — Question 974

An information security audit identified a risk resulting from the failure of an automated control. Who is responsible for ensuring the risk register is updated accordingly?

Answer options

• A. The control owner
• B. The audit manager
• C. The risk practitioner
• D. The risk owner

Correct answer: C

Explanation

The risk practitioner is responsible for maintaining and updating the risk register to reflect newly identified risks. The control owner, audit manager, and risk owner have different roles that do not include the direct responsibility for updating the risk register.