02. Risk and Control Ownership Flashcards
Risk and Control Ownership
Owners are formally assigned and recorded to all…
- Risks
- Controls
- Assets
- Processes
- Procedures
- Records
187
Risk and Control Ownership
Risk ownership may be assigned to one or several different managers spanning multiple functional areas because…
risks are likely to affect multiple (functional) areas of the business
187
Risk and Control Ownership
The risk owner is not necessarily the person accountable for making the risk treatment decision or the owner of the asset, but generally is the…
department or business unit owner within which the risk resides
187
Risk and Control Ownership
This person should have a say in the risk treatment decision with regard to whether they (the individual) are inclined to accept the risk or whether they want the risk reduced through mitigation
Risk owner
187
Risk and Control Ownership
Risk managers or security managers should routinely monitor risks and if there are any changes, they should inform the…
Risk owner to help them remain fully informed and to continue to own the risk effectively
187
Risk and Control Ownership
When an individual leaves a business or changes role, risk ownership should remain with the position and be assigned to the replacement individual. If the position is not filled, ownership should be…
Transferred to the next higher-up in the organisation
188
Risk and Control Ownership
To ensure that controls become and remain effective, management should formally…
assign responsibility and ownership of each control
188
Risk and Control Ownership
Authority to make decisions about the operation of controls should be with…
The Control Owner
188