CISM: Risk Management Roles and Responsibilities

From Glitchdata
Jump to navigation Jump to search

Some common risk management roles:

  • Chief Risk Officer (CRO)
    • CRO is across all risks (safety, physical, legal, reputation etc...)
  • Chief Information Officer (CIO)
    • Focused on Information Technology
  • Chief Information Security Officer (CISO)
    • Conflicts of interest may arise if the CISO reports to CIO as security is often seen as a constraint on IT.
  • External Auditors
    • External auditors do not have detailed knowledge of the business.
  • Process Owners
    • Process owners are best placed to perform risk analysis for a business. This is because they have the most in-depth knowledge of risk and compensating controls within their environment.
  • Specialised Management Consultants
    • Management consultings are expected to have the necessary skills in risk analysis techniques, but would still have to rely on Process Owners for intimate knowledge of the business.
Retrieved from ‘https://wiki.glitchdata.com/index.php?title=CISM:_Risk_Management_Roles_and_Responsibilities&oldid=29859