Certified in the Governance of Enterprise IT (CGEIT) — Question 253

An enterprise has been focused on establishing an IT risk management framework. Which of the following should be the PRIMARY motivation behind this objective?

Answer options

• A. Increasing the enterprise's risk tolerance level and risk appetite.
• B. Engaging executives in examining IT risk when developing policies.
• C. Promoting responsibility throughout the enterprise for managing IT risk.
• D. Maintaining a complete and accurate risk registry to better manage IT risk.

Correct answer: C

Explanation

The correct answer, C, emphasizes the importance of accountability in managing IT risk across the organization, which is essential for an effective risk management framework. Options A and B, while relevant, do not directly address the overarching goal of responsibility in IT risk management. Option D focuses on maintaining a registry, which is important but is a means to an end rather than the primary motivation.