Certified in the Governance of Enterprise IT (CGEIT) — Question 249

An enterprise has decided to implement an IT risk management program. After establishing stakeholder desired outcomes, the MAIN goal of the IT strategy committee should be to:

Answer options

• A. perform a risk analysis on key IT processes.
• B. ensure IT risk alignment with enterprise risk.
• C. identify business data that requires protection.
• D. implement controls to address high risk areas.

Correct answer: B

Explanation

The correct answer, B, emphasizes the importance of ensuring that IT risks are consistent with the broader enterprise risk management framework. This alignment is crucial for a cohesive risk management strategy. The other options, while important activities, focus on specific tasks rather than the overarching goal of alignment.