Certified in the Governance of Enterprise IT (CGEIT) — Question 154

Which of the following is MOST critical to have in place before management can establish an IT risk assessment and response approach?

Answer options

• A. A portfolio of IT investments
• B. Defined roles and responsibilities
• C. Historic data on risk events
• D. A balanced scorecard

Correct answer: B

Explanation

Having defined roles and responsibilities is crucial as it ensures that all stakeholders understand their duties in the risk assessment process. Without this clarity, efforts may become disorganized and ineffective. The other options, while important, do not directly facilitate the establishment of a structured approach to risk management.