Certified in the Governance of Enterprise IT (CGEIT) — Question 278
A CIO has recently been made aware of a new regulatory requirement which may affect IT-enabled business activities. Which of the following should be the CIO's FIRST step in deciding the appropriate response to the new requirement?
Answer options
- A. Consult with legal and risk experts to understand the requirements.
- B. Confirm there are adequate resources to mitigate compliance requirements.
- C. Consult with the board for guidance on the new requirement.
- D. Revise initiatives that are active to reflect the new requirements.
Correct answer: A
Explanation
The correct answer is A because consulting with legal and risk experts is essential to fully understand the implications of the new regulatory requirement. The other options, while important, do not address the need for clarity on the requirements before taking further actions like confirming resources, seeking board guidance, or revising initiatives.