The primary consideration when identifying and assigning ownership of IT-related risk is determining who is accountable for the potential business impact if the risk materializes. That person or role:
Has the most at stake and therefore the strongest incentive to manage the risk effectively.
Is responsible for ensuring that the risk remains within acceptable levels (aligned with risk appetite and tolerance).
Typically owns the business process or asset that would be most affected by the risk event.
Assigning risk ownership based on accountability for losses ensures proper prioritization, decision-making authority, and resource allocation to manage the risk effectively.
B. Accountability for losses due to impact
This choice ensures that the individual or entity responsible for managing the risk is also accountable for any negative consequences or losses that may arise from the risk materializing. While other factors such as control operation and the ability to design controls are important, ultimately, it is the accountability for the impact that drives effective risk management practices.
upvoted 3 times
d9iceguy
1 month, 3 weeks ago
Joloms
9 months, 1 week ago