10

Risk Response and Control Ownership

This chapter marks the beginning of Domain 3: Risk Response and Reporting for CRISC. This domain represents 32 percent (approximately 48 questions) of the revised CRISC exam. As a reminder, Domain 2 of the CRISC exam, which we covered in the material up to Chapter 9, Business Impact Analysis, and Inherent and Residual Risk, focused on IT risk assessment, which relates to IT risk analysis and assessment. This chapter and the following three focus on risk response, control design and implementation, and risk monitoring and reporting.

The aim of this chapter is to introduce the concepts of risk response and monitoring and risk and control ownership, take a deeper dive into the risk response strategies – mitigate/accept/transfer/avoid ...
