An organization is deploying a new financial system that will handle sensitive transactions. During a risk assessment, several control gaps are identified. Who should be responsible for ensuring that the necessary controls are implemented and monitored?