Certified in the Governance of Enterprise IT (CGEIT) — Question 13

Which of the following is the BEST way to provide effective IT risk management?

Answer options

• A. Implementing a cost-effective mitigation program
• B. Appointing a chief risk officer
• C. Embedding risk management in operations
• D. Establishing an incident management program

Correct answer: A

Explanation

The best approach to IT risk management is implementing a cost-effective mitigation program, as it directly addresses potential risks while ensuring resource efficiency. While appointing a chief risk officer and embedding risk management in operations are important, they may not be as immediately impactful on risk reduction as a focused mitigation strategy. Establishing an incident management program is also crucial but more reactive, rather than proactively managing risks.