Certified in the Governance of Enterprise IT (CGEIT) — Question 269

Which of the following should be the PRIMARY governance objective for selecting key risk indicators (KRIs) related to legal and regulatory compliance?

Answer options

• A. Demonstrating sound risk management practices
• B. Ensuring the effectiveness of IT compliance controls
• C. Identifying the risk of noncompliance
• D. Measuring IT alignment with enterprise risk management (ERM)

Correct answer: C

Explanation

The correct answer, C, focuses on recognizing the risk of noncompliance, which is essential for governance in legal and regulatory matters. While A, B, and D address important aspects of risk management and compliance, they do not directly prioritize identifying noncompliance risks, which is critical for effective governance.