Operational owner
Maintains control evidence, routine review, and exception notes.
Governance Mandate
Decision rights need a place to land.
Greyovau frames governance work around authority, ownership, escalation, and review rhythm so risk decisions do not remain abstract.
Decision Rights
Mandate matrix for risk ownership.
Question
Owner
Evidence
Escalation
Who can accept exposure?
Executive sponsor
Risk acceptance note
Board review
Who maintains the control?
Functional owner
Operating evidence
Control exception
Who reviews vendors?
Procurement / security
Supplier register
Dependency trigger
Executive sponsor
Accepts business tradeoffs and prioritizes remediation.
Board review
Receives material exposure, continuity risk, and residual acceptance matters.