ISACA
CGEIT · Question #543
CGEIT Question #543: Real Exam Question with Answer & Explanation
The correct answer is B: Business sponsor. For an enterprise implementing a new mobile sales channel, the business sponsor should provide final approval for accepting the associated IT risk.
Submitted by ricky.ec · Apr 18, 2026 · Governance of Enterprise IT
Question
An enterprise is implementing its first mobile sales channel. Final approval for accepting the associated IT risk should be obtained from which of the following?
Options
- A. Risk manager
- B. Business sponsor
- C. Chief information officer (CIO)
- D. IT steering committee
Explanation
For an enterprise implementing a new mobile sales channel, the business sponsor should provide final approval for accepting the associated IT risk. The governance principle behind this is risk ownership: the party accountable for the business outcome of an initiative is the party who owns its risk, and therefore the only one with the authority to accept the residual risk that remains after controls are applied. IT functions and risk specialists identify, assess, and propose treatments for the risk, and governance bodies oversee the process, but none of them can accept a business risk on the sponsor's behalf. A useful practical check is to ask who would answer to the board if the channel failed or was breached; that person, not the adviser, is the one who signs off on risk acceptance.
Common mistakes
- A. A risk manager identifies, assesses, and monitors risks, but typically does not hold the authority for final risk acceptance; that responsibility lies with those accountable for the business outcome.
- C. The Chief Information Officer (CIO) is responsible for managing IT and advising on IT risk, but final acceptance of business risk for a new business channel generally rests with the business owner, who owns the overall success and risk profile of the initiative.
- D. An IT steering committee provides governance and oversight for IT initiatives and may recommend or advise on risk, but the ultimate acceptance of business risk for a new channel typically resides with the business sponsor.
Concept tested: IT risk acceptance authority
Reference: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-1/it-risk-management
Topics
Risk ownership · IT risk acceptance · Business sponsor accountability · IT governance roles