Certified in the Governance of Enterprise IT (CGEIT) — Question 330
Which of the following is the PRIMARY ongoing responsibility of the IT governance function related to risk?
Answer options
- A. Responding to and controlling all IT risk events
- B. Verifying that all business units have staff skilled at assessing risk
- C. Communicating the enterprise risk management plan
- D. Ensuring IT risk management is aligned with business risk appetite
Correct answer: C
Explanation
The correct answer is C: the primary ongoing responsibility of IT governance is to communicate the enterprise risk management plan so that all stakeholders are informed. Options A and B are more reactive and operational in nature. Option D, although important, focuses on alignment rather than the ongoing communication of the risk management framework.