CRISC - Risk Response and Reporting - Section 3.3

Establish risk and control ownership to ensure accountability for residual risk and control operation.

Establish risk ownership and control ownership as separate accountabilities, ensuring the risk owner formally accepts residual risk and the control owner is responsible for the control's continued operation. Recognise that ambiguous ownership is itself a governance risk that can leave residual risk unmonitored.

Risk ownership, Control ownership, Accountability, Residual risk acceptance

Examworthy is not affiliated with or endorsed by ISACA. Original, blueprint-aligned practice material only.