Certified in the Governance of Enterprise IT (CGEIT) — Question 178

A CEO of a large enterprise is concerned that risk events are not regularly addressed at the C-suite level unless related to emergency incidents. Which of the following is the BEST way for the CEO to ensure risk events are given sufficient time and attention?

Answer options

• A. Instruct managers to take ownership for their department's identified risks.
• B. Issue performance objectives that target the elimination of enterprise risks.
• C. Include the discussion of key enterprise risk as an agenda item at board meetings.
• D. Require the development of a risk procedure on how to capture risks.

Correct answer: C

Explanation

The correct answer is C because including risk discussions in board meetings ensures that these topics are prioritized and regularly reviewed by top executives. Option A, while promoting accountability, does not guarantee that risks will be thoroughly addressed at the C-suite level. Option B focuses on performance objectives but may not directly facilitate ongoing risk discussions. Option D proposes a procedure for capturing risks, but it does not ensure that these risks will be adequately discussed and managed at the executive level.