A systems interruption has been traced to a personal USB device plugged into the corporate network by an IT employee who bypassed internal control procedures. Of the following, who should be accountable?

A. Chief risk officer (CRO)
B. Business continuity manager (BCM)
C. Human resources manager (HRM)
D. Chief information officer (CIO)