
CGEIT Question #138: Real Exam Question with Answer & Explanation

The correct answer is C: Compliance with local regulations. The best justification for an enterprise accepting IT risk that exceeds its appetite for a foreign subsidiary is the necessity of complying with local regulations.

Submitted by mike_84 · Apr 18, 2026 · Governance of Enterprise IT

Question

An enterprise decides to accept the IT risk of a subsidiary located in another country even though it exceeds the enterprise's risk appetite. Which of the following would be the BEST justification for this decision?

Options

  • A. Risk framework alignment
  • B. Local market common practices
  • C. Compliance with local regulations
  • D. Technical gaps among subsidiaries

Explanation

Compliance with local regulations is the best justification: a legal requirement in the subsidiary's jurisdiction is an obligation the enterprise cannot opt out of, so the risk it creates has to be accepted even where it exceeds the enterprise-wide risk appetite. The other options describe preferences or improvement areas, not obligations.

Common mistakes.

  • A. Risk framework alignment would typically suggest harmonizing risk management, which contradicts accepting risk that exceeds the enterprise's appetite.
  • B. Local market common practices might influence risk, but they are generally not a compelling justification to exceed a defined risk appetite unless those practices are legally mandated.
  • D. Technical gaps among subsidiaries identify areas for improvement but do not justify exceeding an enterprise risk appetite; rather, they call for remediation.

Concept tested. Risk acceptance justification

Reference. https://www.isaca.org/resources/isaca-journal/issues/2013/volume-5/risk-management-strategies-for-the-board-and-senior-management

Topics

#Risk acceptance · #Risk appetite · #Regulatory compliance · #IT governance decisions
