CGEIT Certified in the Governance of Enterprise IT – Question200

A CIO has recently been made aware of a new regulatory requirement which may affect IT-enabled business activities. Which of the following should be the CIO’s FIRST step in deciding the appropriate response to the new requirement?

A.
Consult with legal and risk experts to understand the requirements.
B. Confirm there are adequate resources to mitigate compliance requirements.
C. Consult with the board for guidance on the new requirement.
D. Revise initiatives that are active to reflect the new requirements.

Correct Answer: B