Question 21
Domain 1 — Governance and Risk Management FrameworksWhich of the following is a responsibility of the Chief Risk Officer (CRO)?
Correct answer: C
Explanation
The Chief Risk Officer oversees the organization’s risk function, including setting up the enterprise risk management framework. This role typically includes “developing and maintaining the enterprise risk management framework” so risks are identified, assessed, monitored, and reported consistently across the firm.
Why each option is right or wrong
A. Implementing all risk controls
B. Setting the organization's risk appetite
C. Developing and maintaining the enterprise risk management framework
Under the standard governance structure used in enterprise risk management, the Chief Risk Officer is the senior executive accountable for designing, implementing, and keeping current the firm’s ERM framework so risk identification, assessment, monitoring, and reporting operate consistently across business lines. In practice, this is the CRO’s core remit rather than a line-management or audit function, because the framework must be maintained centrally to ensure risk limits, escalation, and reporting remain aligned with the organization’s risk appetite.
D. Auditing risk management processes