CGEIT · Question #301
CGEIT Question #301: Real Exam Question with Answer & Explanation
The correct answer is D: Risk appetite of the enterprise.
Question
An IT governance committee is defining a risk management policy for a portfolio of IT-enabled investments. Which of the following should be the PRIMARY consideration when developing the policy?
Options
- A. Risk management framework
- B. Possible investment failures
- C. Value obtained with minimum risk
- D. Risk appetite of the enterprise
Explanation
When defining a risk management policy for IT-enabled investments, the primary consideration should be the risk appetite of the enterprise. The risk appetite defines the level of risk the organization is willing to accept, which then guides all subsequent risk management activities and policy development.
Common mistakes.
- A. A risk management framework provides the structure and methodology for managing risk, but it must be tailored to align with the enterprise's specific risk appetite.
- B. Possible investment failures are specific risks that the policy will address, but the overall acceptable level of such failures is determined by the enterprise's risk appetite.
- C. "Value obtained with minimum risk" is a desired outcome of effective risk management, but the definition of "minimum risk" for the enterprise is set by its risk appetite.
Concept tested. Enterprise risk management (ERM) principles
Reference. https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility