C. enables a consistent approach to risk management.
The most beneficial aspect of utilizing an IT risk management framework is that it enables a consistent approach to risk management. A well-defined IT risk management framework provides a structured methodology, processes, and guidelines for identifying, assessing, prioritizing, mitigating, and monitoring IT-related risks across the organization. By establishing a consistent approach, the framework ensures that risks are managed systematically and comprehensively, regardless of the specific technology, department, or business unit involved. This consistency enhances the organization's ability to effectively manage and mitigate risks, leading to improved resilience and security of IT systems and assets.
The MOST beneficial aspect of utilizing an IT risk management framework is that it: C. enables a consistent approach to risk management.
Here's why:
Enables a consistent approach to risk management: An IT risk management framework provides a structured and systematic approach to identifying, assessing, and managing risks specific to IT. It establishes a set of guidelines, processes, and procedures that help ensure a consistent and standardized approach to risk management across the organization. This consistency enables clear communication, effective decision-making, and efficient allocation of resources in addressing IT-related risks.
ISACA's Risk Management Frameworks include the identification of risk. COSO's ERM has a line for risk assessment and the Risk IT Framework has a section dedicated to the identification of IT-related risks and opportunities, their analysis and subsequent presentation. This is the Risk Evaluation section. After this process, risk is articulated, addressed in a cost-effective manner and subsequently addressed. OCTAVE has a phase where vulnerabilities within the infrastructure must be identified. OGC's M_o_R is also another risk management framework that calls for the identification of risk and then selecting the appropriate risk response. Finally, NIST SP-800-37 (RMF) includes step 0: Prepare, which details the assignment of Risk management roles, the creation of the strategy, then an enterprise-wide risk assessment where risks are identified.
Risk management framework is not capable of identifying risk. It is a broad set of guidelines for risk management of any enterprise.
upvoted 1 times
SuperMax, 8 months, 3 weeks ago
Frank1480, 1 year, 5 months ago
notwhatitsiems, 2 years, 10 months ago
Ramye, 3 years, 2 months ago
WongY, 3 years, 2 months ago