The correct answer isAbecause afacilitated risk management workshopis most likely to result in agreement on accountability for risk scenarios. A workshop allows relevant stakeholders to discuss the scenarios together, align on business context, clarify roles, and agree on who owns the risk and who is responsible for treatment and escalation.
The other options are less effective:
B. Relying on generic risk scenariosreduces alignment with the specific business context and usually weakens ownership clarity.
C. Relying on external IT risk professionalsmay provide expertise, but accountability must be agreed internally by business stakeholders.
D. Distributing predefined scenarios for reviewis less effective than active facilitation because it does not create the same level of interaction and consensus.
Exact Extracts supporting the answer:
“An interdisciplinary team within the enterprise offers the best perspective on risk management to employees and stakeholders.”
“To ensure the overall effectiveness of a risk management program it is essential to have the participation of relevant stakeholders.”
“Clear detailed roles and responsibilities are MOST critical to ensure the three lines of defense work together effectively.”
“The BEST approach when developing risk scenarios for an enterprise is to use both the top-down and the bottom-up approach because they have different perspectives.”
“The management team owns the risk and is responsible for identifying assessing and mitigating risk and reporting to the appropriate support functions and the board of directors.”
These extracts support that agreement on accountability is most likely when relevant stakeholders actively participate together in a structured discussion.
===========
