
CGEIT · Question #470

CGEIT Question #470: Real Exam Question with Answer & Explanation

The correct answer is A: a common risk management taxonomy. The first step to integrating IT risk with an enterprise risk management (ERM) framework is establishing a common risk management taxonomy. This ensures consistent language and understanding of risk across the entire organization.

Submitted by yousef_jo · Apr 18, 2026 · Risk Optimization

Question

An organization has decided to integrate IT risk with the enterprise risk management (ERM) framework. The FIRST step to enable this integration is to establish:

Options

  • A. a common risk management taxonomy.
  • B. a common risk organization.
  • C. common key risk indicators (KRIs).
  • D. common risk mitigation strategies.

Explanation

The first step to integrating IT risk with an enterprise risk management (ERM) framework is establishing a common risk management taxonomy. This ensures consistent language and understanding of risk across the entire organization.

Common mistakes

  • B. A common risk organization (e.g., a shared committee) is important for governance but cannot function effectively without a common understanding of what constitutes a risk, which the taxonomy provides.
  • C. Common Key Risk Indicators (KRIs) are metrics used to monitor risk, but they cannot be effectively defined or utilized until a common understanding and classification of risks (taxonomy) is in place.
  • D. Common risk mitigation strategies can only be developed effectively once risks are consistently identified, assessed, and understood using a shared taxonomy.

Concept tested: IT risk and ERM integration foundation

Topics

#IT Risk Management · #Enterprise Risk Management (ERM) · #Risk Integration · #Risk Taxonomy
