CRISC Certified in Risk and Information Systems Control – Question285

You are working in an enterprise. Your enterprise owned various risks. Which among the following is MOST likely to own the risk to an information system that supports a critical business process?

A.
System users
B. Senior management
C. IT director
D. Risk management department

Correct Answer: B

Explanation:

Explanation: Senior management is responsible for the acceptance and mitigation of all risk. Hence they will also own the risk to an information system that supports a critical business process.
Incorrect Answers:
A: The system users are responsible for utilizing the system properly and following procedures, but they do not own the risk.
C: The IT director manages the IT systems on behalf of the business owners.
D: The risk management department determines and reports on level of risk, but does not own the risk. Risk is owned by senior management.