Isaca Certified in Risk and Information Systems Control CRISC Question # 360 Topic 37 Discussion
CRISC Exam Topic 37 Question 360 Discussion:
Question #: 360
Topic #: 37
Following the identification of a risk associated with a major organizational change, which of the following is MOST important to update in the IT risk register?
The risk register should clearly documentwho is accountablefor managing each risk. CRISC defines the risk owner as the individual (often a business or process owner) who is responsible for ensuring appropriate treatment and monitoring of the risk. When a major organizational change occurs—such as restructuring, mergers, or changes in responsibility—it is critical to update the risk owner so that accountability remains clear and no risk is left unmanaged. The identity of the person who identified the risk is less important; that role is informational and does not drive ongoing accountability. Control owners and risk response owners are important roles, but they typically operate under the direction of the risk owner. Ensuring the correct risk owner is assigned prevents gaps in oversight and aligns the risk with the correct decision-making authority.
[Reference:CRISC Review Manual – Governance / Risk Register and role definitions (risk owner accountability)., ===========, ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit