When conducting a risk assessment in support of a new regulatory requirement, the IT risk committee should FIRST consider the:
A. cost burden to achieve compliance.
B. disruption to normal business operations.
C. readiness of IT systems to address the risk.
D. risk profile of the enterprise.
A. cost burden to achieve compliance.
B. disruption to normal business operations.
C. readiness of IT systems to address the risk.
D. risk profile of the enterprise.