Certified in the Governance of Enterprise IT (CGEIT) — Question 96

Following a major IT incident that resulted in a loss to the enterprise, a CIO is preparing for a meeting with the board of directors to discuss what may have failed internally. Which of the following should the CIO do FIRST to provide assurance to the board?

Answer options

• A. Review the IT control environment.
• B. Ensure IT and enterprise risk management alignment.
• C. Review the incident response policy.
• D. Verify continuous monitoring is being performed.

Correct answer: A

Explanation

The correct answer is A because reviewing the IT control environment allows the CIO to understand the effectiveness of existing controls and identify any gaps that contributed to the incident. Options B, C, and D, while important, do not directly address the immediate need to assess the internal controls that may have failed during the incident.