Certified in the Governance of Enterprise IT (CGEIT) — Question 24

Which of the following is the MOST valuable input when quantifying the loss associated with a major risk event?

Answer options

• A. Key risk indicators (KRIs)
• B. Recovery time objectives (RTOs)
• C. IT environment threat modeling
• D. Business impact analysis (BIA) report

Correct answer: A

Explanation

Key risk indicators (KRIs) provide measurable values that help organizations understand potential losses from risk events, making them crucial for quantification. Recovery time objectives (RTOs) focus on recovery timelines rather than financial impact, while IT environment threat modeling is more about identifying threats than quantifying loss. Business impact analysis (BIA) reports are important but are typically secondary to the direct metrics provided by KRIs in this context.