Certified in the Governance of Enterprise IT (CGEIT) — Question 3

An enterprise decides to accept the IT risk of a subsidiary located in another country even though it exceeds the enterprise's risk appetite. Which of the following would be the BEST justification for this decision?

Answer options

• A. Local market common practices
• B. Risk framework alignment
• C. Technical gaps among subsidiaries
• D. Compliance with local regulations

Correct answer: C

Explanation

Choosing to accept the IT risk due to technical gaps among subsidiaries indicates an understanding that these gaps may lead to greater risks that are inherent in the operations. The other options, while potentially relevant, do not directly justify the acceptance of a risk level that exceeds the company's established risk appetite.