CGEIT Certified in the Governance of Enterprise IT – Question293

An enterprise has been focused on establishing an IT risk management framework. Which of the following should be the PRIMARY motivation behind this objective?

A.
Increasing the enterprise's risk tolerance level and risk appetite.
B. Engaging executives in examining IT risk when developing policies.
C. Promoting responsibility throughout the enterprise for managing IT risk.
D. Maintaining a complete and accurate risk registry to better manage IT risk.

Correct Answer: C