Answer:
False
Step-by-step explanation:
The three lines of defense are Operational Management, Risk Management, and Internal Audit.
Operational Management's goal is to prepare and maintain internal controls that will help in executing risk and control procedures on a daily basis. While the purpose of risk management is to ensure that the first line of defense (i.e. operational management) is functioning properly as required.
Keeping the above points in view the statement "the enterprise risk management program is responsible for controlling risk on a daily basis" is false as it is responsible for overseeing the operational management rather than controlling risk on daily basis.