Pretty much. What you'll find is that many people will double up on roles in small- to medium-sized companies. Plus, in an ISO 27001 environment, the organization's Board of Directors is ultimately accountable for much of what happens in the company. What typically happens is that the person responsible will be working closely with the accountable person with a reporting structure to the accountable and support in resources to the responsible. It's supposed to be a two-way street. In reality, this can become an issue if there isn't appropriate communication and well-defined tasks. And in the case of your example, if it was a bad enough incident, you'd be fired. :-)
Great question, David!!