An IT governance committee is defining a risk management policy for a portfolio of IT-enabled investments. Which of the following should be the PRIMARY consideration when developing the policy?
It should be A - Risk appetite refers to the amount and type of risk that an organization is willing to accept or avoid to achieve its objectives. The IT governance committee needs to understand the risk appetite of the enterprise before developing a risk management policy for the IT-enabled investments. The risk appetite will help guide the committee's decision-making process by determining how much risk the organization is willing to take on in pursuit of its objectives.
Wait, I realize I made an error. Risk appetite is exclusive with respect to the policy. The risk appetite does not determine the policy per se, though they should be aligned. But alignment does not mean that the Risk appetite will govern the policy. However, the Framework, which is the broad universe for policies, procedures, etc., will be the best answer for this question.
Senior Management or BoD input will be important because these groups define risk threshold or risk appetite.
upvoted 1 times
Carus, 9 months, 2 weeks ago
Frank1480, 1 year, 4 months ago
John_Connor, 2 years, 8 months ago
John_Connor, 2 years, 8 months ago
WongY, 2 years, 11 months ago
WongY, 2 years, 9 months ago