Certified in the Governance of Enterprise IT (CGEIT) — Question 109

An enterprise has decided to execute a risk self-assessment to identify improvement opportunities for current IT services. Which of the following is MOST important to address in the assessment?

Answer options

• A. IT capability and performance measures
• B. Mapping of business objectives to IT risk
• C. Residual IT risk
• D. Related business risk

Correct answer: B

Explanation

The most crucial element to address is the mapping of business objectives to IT risk because it ensures that the assessment aligns IT strategies with the overall business goals. While IT capability, residual IT risk, and related business risks are important, they do not directly connect the IT risks to the business objectives, which is essential for effective risk management.