Master key concepts with interactive flashcards
What are the three lines of defense in IT risk governance?
1st Line: Business operations (risk owners who accept and manage day-to-day risk)
2nd Line: Risk management and compliance functions (oversight, frameworks, policies)
3rd Line: Internal audit (independent assurance that the first two lines are effective)
Each line has distinct accountability; overlapping roles between lines create governance gaps.