CISM: Risk Management Roles and Responsibilities

From Glitchdata

Some common risk management roles:

  • Chief Risk Officer (CRO)
    • The CRO has oversight across all risks (safety, physical, legal, reputation, etc.).
  • Chief Information Officer (CIO)
    • Focused on Information Technology.
  • Chief Information Security Officer (CISO)
    • Conflicts of interest may arise if the CISO reports to the CIO, as security is often seen as a constraint on IT.
  • External Auditors
    • External auditors do not have detailed knowledge of the business.
  • Process Owners
    • Process owners are best placed to perform risk analysis for a business. This is because they have the most in-depth knowledge of risk and compensating controls within their environment.
  • Specialised Management Consultants
    • Management consultants are expected to have the necessary skills in risk analysis techniques, but would still have to rely on Process Owners for intimate knowledge of the business.