Certified in the Governance of Enterprise IT (CGEIT) — Question 54
Which of the following would be the BEST way for an enterprise to address new legal and regulatory requirements applicable to IT?
Answer options
- A. Benchmark how other IT organizations are treating the new requirements.
- B. Adopt a zero-tolerance approach for noncompliance with regulatory matters.
- C. Treat as a risk to be assessed before developing a response.
- D. Use a cost-benefit analysis to determine if compliance is warranted.
Correct answer: D
Explanation
The correct answer, D, emphasizes the importance of weighing the costs against the benefits of compliance, helping the organization make an informed decision. Option A may provide insights but lacks a proactive approach. Option B could lead to rigidity without considering the context, while Option C might delay action needed to ensure compliance.