Exam IIA-CIA-Part2
Question 180

Which of the following is correct with respect to roles within an enterprise-wide risk management process?

1. The board provides oversight to the risk management process.

2. Executive management owns the risk management framework.

3. Senior management is assigned ownership of risks.

4. Internal audit modifies the risk assessment determined by management.

    Correct Answer: A

    In an enterprise-wide risk management process, the board is responsible for providing oversight, which includes ensuring that the risk management process is adequately designed and functioning. Executive management owns the risk management framework, as they are responsible for designing, implementing, and maintaining the risk management process. Senior management typically plays a role in managing risks but is not necessarily assigned ownership of specific risks as risk owners are usually more operational-level managers. Internal audit does not modify the risk assessments determined by management; instead, it provides independent assurance on the effectiveness of the risk management process. Therefore, the correct answer is that the board provides oversight and executive management owns the risk management framework.

Discussion
KonradK Option: A

C is incorrect as SM are not risk owners. I think A is the correct answer.

herdintche

Is it senior management or management that owns the risks?

Tico Option: C

Why not A? "ownership of risks" means a risk owner, doesn't it? If so, senior management is not a risk owner.