CRISC Certified in Risk and Information Systems Control – Question321

Which of the following role carriers has to account for collecting data on risk and articulating risk?

A.
Enterprise risk committee
B. Business process owner
C. Chief information officer (CIO)
D. Chief risk officer (CRO)

Correct Answer: D

Explanation:

Explanation:
CRO is the individual who oversees all aspects of risk management across the enterprise. Chief risk officer has the main accountability for collecting data and articulating risk. If there is any fault in these processes, then CRO should be answerable.
Incorrect Answers:
A: Enterprise risk committee are the executives who are accountable for the enterprise level collaboration and consensus required to support enterprise risk management (ERM). They are to some extent responsible for articulating risk but are not accounted for it. They are neither responsible nor accounted for collecting data on risk.
B: Business process owner is an individual responsible for identifying process requirements, approving process design and managing process performance. He/she is responsible for collecting data and articulating risk but is not accounted for them.
C: CIO is the most senior official of the enterprise who is accountable for IT advocacy; aligning IT and business strategies; and planning, resourcing and managing the delivery of IT services and information and the deployment of associated human resources. CIO has some responsibility towards collecting data and articulating risk but is not accounted for them.