A segregation of duties control was found to be ineffective because it did not account for all applicable functions when evaluating access. Who is responsible for ensuring the control is designed to effectively address risk?
"Unwillingness of a risk owner to accept current risk mandates
the adoption of a new risk response, continued through iterations until the risk reaches an acceptable level,
at which point the risk owner should formally accept the risk. Acceptance of residual risk should also
include accountable ownership of the controls that produce the appropriate mitigations to ensure that these
remain in effect after acceptance."
It is indeed Risk owner.
Is control owner.
ISACA definition: A person in whom the enterprise has invested the authority and accountability for making control-related decisions and is responsible for ensuring that the control is implemented and is operating effectively and efficiently.
Risk owner is accountable, is it not control owner?
upvoted 2 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
mynk29
3 months, 4 weeks agomynk29
3 months, 4 weeks agomynk29
3 months, 4 weeks agoCbtL
4 months, 2 weeks agoKoulyo
5 months, 2 weeks agoap0ls
6 months, 1 week agojohn_boogieman
7 months, 2 weeks agoSuchib
8 months, 2 weeks ago