While risk owners are indeed accountable for overseeing the management of risks related to their assets, including ensuring that risks are assessed and appropriate mitigation strategies are identified, the actual execution of mitigation tasks frequently involves coordination with different departments or roles within an organization. Risk owners may oversee the process, but the implementation of risk controls often requires a collaborative approach with security professionals, IT staff, and other stakeholders -- not sole execution by the risk owners themselves.