COBIT 2019 Foundation — Question 38

Which of the following enterprise risk management concepts is MOST important to fully understand prior to finalizing the design of an IT governance system?

Answer options

• A. The enterprise's risk tolerance
• B. The enterprise's risk profile
• C. The enterprise's risk appetite

Correct answer: B

Explanation

The enterprise's risk profile is crucial as it outlines the specific risks that the organization faces, which directly informs the IT governance framework. Understanding risk tolerance and appetite are important, but they are secondary to having a comprehensive view of the risk profile that dictates how risks should be managed.