CGEIT Question #654: Real Exam Question with Answer & Explanation

The correct answer is B: Establishing roles and responsibilities for IT risk at the senior management level. Effectively managing enterprise IT risk is best achieved by establishing clear roles and responsibilities for IT risk at the senior management level, ensuring accountability and strategic oversight.

Submitted by rania.sa · Apr 18, 2026 · Governance of Enterprise IT

Question

Which of the following will BEST help to ensure enterprise IT risk is effectively managed?

Options

  • A. Establishing an audit committee that reports to the board
  • B. Establishing roles and responsibilities for IT risk at the senior management level
  • C. Identifying the lowest IT risks and outsourcing the related IT functions
  • D. Assigning a project sponsor and project manager to implement an IT risk register

Explanation

Effectively managing enterprise IT risk is best achieved by establishing clear roles and responsibilities for IT risk at the senior management level, ensuring accountability and strategic oversight.

Common mistakes.

  • A. An audit committee reporting to the board provides oversight but does not directly establish the operational or strategic management of IT risk within the executive structure.
  • C. Outsourcing low IT risks is a risk response strategy, but it does not ensure effective management of enterprise IT risk as a whole, nor does it address accountability for risk.
  • D. Assigning a project sponsor and project manager for an IT risk register helps implement a tool, but it doesn't establish the comprehensive governance and accountability for managing IT risk across the enterprise, especially at a strategic level.

Concept tested. IT risk governance and accountability

Reference. https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/govern/security/security-governance-strategy

Topics

#IT Risk Management #IT Governance #Roles and Responsibilities #Accountability
