Isaca
CGEIT · Question #175
CGEIT Question #175: Real Exam Question with Answer & Explanation
The correct answer is A: Business staff report identified IT risks. The strongest evidence of an IT risk-aware culture across an enterprise is when business staff actively identify and report IT risks themselves.
Submitted by deeparc · Apr 18, 2026 · Risk Optimization
Question
Which of the following provides the BEST evidence of an IT risk-aware culture across an enterprise?
Options
- A. Business staff report identified IT risks.
- B. IT risks are communicated to the business.
- C. IT risk-related policies are published.
- D. The IT infrastructure is resilient.
Explanation
The strongest evidence of an IT risk-aware culture across an enterprise is when business staff actively identify and report IT risks themselves, rather than waiting for IT to tell them about risks.
Common mistakes:
- B. Communicating IT risks to the business is a necessary step, but it doesn't inherently prove that the business itself has adopted a proactive, risk-aware mindset to identify new risks independently.
- C. Publishing IT risk-related policies provides a framework and guidelines, but policies alone do not guarantee their active understanding and application in fostering a proactive risk-aware culture.
- D. A resilient IT infrastructure is a positive outcome of effective risk management, but it is a technical state rather than direct evidence of the human element of a risk-aware culture across the enterprise.
Concept tested: Enterprise risk culture
Reference: https://www.iso.org/standard/65008.html
Topics
#Risk-aware culture #Enterprise risk management #Business involvement in risk #Risk reporting