Certified in the Governance of Enterprise IT (CGEIT) — Question 73

Before establishing IT key risk indicators, which of the following should be defined FIRST?

Answer options

• A. IT risk and security framework
• B. IT key performance indicators
• C. IT goals and objectives
• D. IT resource strategy

Correct answer: C

Explanation

Defining IT goals and objectives is crucial as it provides a clear direction for what the organization aims to achieve, allowing for the effective establishment of key risk indicators. The other options, while important, are secondary to having a clear set of goals and objectives that guide the risk management process.