Certified in the Governance of Enterprise IT (CGEIT) — Question 242

An enterprise has performed a business impact analysis (BIA) considering a number of risk scenarios. Which of the following should the enterprise do NEXT?

Answer options

• A. Assess risk mitigation strategies
• B. Verify compliance with relevant legislation
• C. Perform a risk controls gap analysis
• D. Update the disaster recovery plan (DRP)

Correct answer: C

Explanation

The correct answer is C because performing a risk controls gap analysis will help identify any weaknesses in current controls and determine what additional measures may be necessary. Options A and D focus on post-analysis actions rather than addressing existing gaps, while B relates to compliance rather than direct risk management.