Certified in the Governance of Enterprise IT (CGEIT) — Question 148
When conducting a risk assessment in support of a new regulatory requirement, the IT risk committee should FIRST consider the:
Answer options
- A. cost burden to achieve compliance.
- B. disruption to normal business operations.
- C. readiness of IT systems to address the risk.
- D. risk profile of the enterprise.
Correct answer: D
Explanation
The risk profile of the enterprise is crucial because it provides a comprehensive overview of existing risks and vulnerabilities, and that overview is essential when assessing new regulatory requirements. The other options, while important, should be considered after the overall risk landscape is understood, so that the decision-making process is better informed.