Which of the following is the BEST approach for determining the overall IT risk appetite of an organization when business units use different methods for managing IT risks?
A. Average the business units' IT risk levels.
B. Identify the highest-rated IT risk level among the business units.
C. Establish a global IT risk scoring criteria.
D. Prioritize the organization's IT risk scenarios.
The BEST approach is C. Establishing a global IT risk scoring criteria provides the necessary common foundation to understand, compare, and aggregate risks across disparate business units, which is essential for determining an overall IT risk appetite.
Prioritizing risks for IT risk scenarios across the organization allows you to understand which risks have the most impact and how much they affect the strategic risk objectives of the organization. This allows you to effectively prioritize risk management and allocate resources.
Therefore, prioritizing IT risk scenarios across the organization is more appropriate for determining the overall IT risk tolerance of the organization than simply averaging the IT risk levels of each business unit or identifying the highest rating. This allows risk management to be aligned with the strategic risk objectives of the organization.