Certified in the Governance of Enterprise IT (CGEIT) — Question 23

Which of the following is the MOST effective way of assessing enterprise risk?

Answer options

• A. Business vulnerability assessment
• B. Operational risk assessment
• C. Business impact analysis (BIA)
• D. Likelihood of threat analysis

Correct answer: C

Explanation

The correct answer is C, Business impact analysis (BIA), because it provides a comprehensive assessment of the potential impacts of various risks on business operations. The other options, while important, focus on specific aspects of risk and do not capture the overall impact that risks can have on the enterprise as effectively as a BIA.