Certified in the Governance of Enterprise IT (CGEIT) — Question 4
An IT governance committee is defining a risk management policy for a portfolio of IT-enabled investments. Which of the following should be the PRIMARY consideration when developing the policy?
Answer options
- A. Risk appetite of the enterprise
- B. Risk management framework
- C. Value obtained with minimum risk
- D. Possible investment failures
Correct answer: B
Explanation
The correct answer is B: a risk management framework provides the structured approach needed to identify, assess, and mitigate risks effectively. Options A, C, and D are relevant considerations, but they fall within the scope of the framework, which should guide all risk management activities.