Accountability
To run a business, there are always business risks. It is a matter of how much risk acceptance is comfortable.
Say, shoplifter will incur revenue loss of a supermarket. Therefore, protection decision is against high value goods, e.g. adding RFiD anti-theft tag. Even CCTV and guards are deployed, there might still be a chance of incidental slipping thru on goods not protected by anti-theft tag. This is risk acceptance.
The business owner is fully accountable to manage these risks. That said, there should be parties with different knowledge domains to help business owner understand the inherent risks and the ultimate risk acceptance is the business owner.
For risks involving regulatory compliance, these must be addressed or else putting the organization into civil or criminal offence, temporary or even permanent suspension of business license. An example is the taxi business that needs to have vehicle license for passenger, compulsory vehicle inspection, public liability insurance, emission control of exhausted...