Certified in the Governance of Enterprise IT (CGEIT) — Question 127

An enterprise has decided to create its first mobile application. The IT director is concerned about the potential impact of this initiative. Which of the following is the MOST important input for managing the risk associated with this initiative?

Answer options

• A. Business requirements
• B. IT risk scorecard
• C. Enterprise risk appetite
• D. Enterprise architecture (EA)

Correct answer: A

Explanation

The most important input for managing risk in this context is the business requirements, as they define the application's goals and functionalities. While the IT risk scorecard, enterprise risk appetite, and enterprise architecture are valuable, they are secondary to understanding what the business needs from the application to mitigate risks effectively.