Certified in the Governance of Enterprise IT (CGEIT) — Question 32
A regulatory audit assessed an enterprise's main transactional application as noncompliant. In addition to fines and required corrections, an agreement was reached to implement a set of governance controls over IT. Accountability for these controls is BEST assigned to which of the following?
Answer options
- A. Internal audit director
- B. CIO
- C. The board of directors
- D. Application users
Correct answer: B
Explanation
The CIO is responsible for overseeing IT governance and ensuring compliance within the organization, making them the best choice for accountability. The internal audit director primarily focuses on auditing processes and compliance checks, while the board of directors has a higher-level oversight role and application users do not have the authority to implement governance controls.