The correct answer isBbecause thefirst linein the three lines model is responsible formanaging risk. This includes owning risk, operating controls, and taking action to address control deficiencies as part of normal business and operational activities.
The other options are less accurate:
A. Advising on riskis more aligned with second-line functions.
C. Assessing riskcan be performed by multiple functions, but it is not the primary definition of the first line.
D. Monitoring riskis also shared across functions and not the main role of the first line.
Exact Extracts supporting the answer:
“Operational management is the function that manages risk according to the three lines of defense model.”
“Risk owner is a risk management role that is part of the first line of defense.”
“One of the MAIN purposes of the first line of defense in the three lines of defense model is to ensure control deficiencies are addressed.”
“The MOST significant benefit of using the three lines of defense model in a risk management framework of an enterprise is that it clarifies essential roles of the key stakeholders.”
These extracts directly support that the primary function of the first line ismanaging risk.
===========
Submit