▲ 4 r/CISA
Need a sanity check on this Risk Owner vs. Custodian question (Domain 2)
Q: Who is MOST likely responsible for implementing a technical control to mitigate an identified risk?
A. Custodian
B. Compliance officer
C. Risk owner
D. Senior management
The correct answer is C. Risk owner
Official Justification from the practice test:
>
I picked A because in my experience "implementation" implies the technical work done by the Custodian. Any advice on how to better identify when the exam is describing Custodian or Risk Owner would be appreciated.
Thanks!
u/Creative-Support1018 — 10 days ago