Open the app Sign in Start free

CRISC - Governance - Section 1.2

Define organisational structures, roles and responsibilities that support effective risk governance.

Define organisational structures, roles and responsibilities using tools such as a RACI matrix to assign accountability for IT risk. Distinguish between board oversight at the governance level and operational risk ownership at the execution level.

Roles and responsibilitiesRACIBoard oversightAccountability

More in this domain

Align the IT risk management approach with the organisation's strategy, goals and objectives.Section 1.1
Assess how organisational culture influences risk-aware decision-making and behaviour.Section 1.3
Evaluate policies and standards as the instruments that translate governance intent into operational control.Section 1.4
Identify legal, regulatory and contractual requirements that shape the IT risk programme.Section 1.5
Incorporate business process resilience and continuity considerations into organisational governance.Section 1.6
Apply enterprise risk management concepts and a risk management framework to govern IT risk.Section 1.7
Establish lines of defence that separate risk ownership, oversight and independent assurance.Section 1.8
Define risk appetite and risk tolerance and use them to guide risk decisions.Section 1.9
Maintain an enterprise risk profile and apply professional ethics in the conduct of risk management.Section 1.10

Back to all Governance objectives, or the CRISC cert hub.

Examworthy is not affiliated with or endorsed by ISACA. Original, blueprint-aligned practice material only.