Certified in the Governance of Enterprise IT (CGEIT) — Question 165
Which of the following provides the BEST evidence of an IT risk-aware culture across an enterprise?
Answer options
- A. The IT infrastructure is resilient.
- B. IT risks are communicated to the business.
- C. Business staff report identified IT risks.
- D. IT risk-related policies are published.
Correct answer: C
Explanation
Option C is correct because when business staff actively report identified IT risks, it demonstrates a proactive engagement with risk management, indicating a culture that prioritizes awareness and communication. Options A, B, and D, while important, do not reflect the active participation and awareness of all employees in recognizing and reporting risks, which is crucial for a truly risk-aware culture.