An organization has identified a risk exposure due to weak technical controls in a newly implemented HR system. The risk practitioner is documenting the risk in the risk register. The risk should be owned by the:

A. business process owner.
B. chief information officer.
C. project manager.
D. chief risk officer.