CGEIT Certified in the Governance of Enterprise IT – Question156

When conducting a risk assessment in support of a new regulatory requirement, the IT risk committee should FIRST consider the:

A.
cost burden to achieve compliance.
B. disruption to normal business operations.
C. readiness of IT systems to address the risk.
D. risk profile of the enterprise.

Correct Answer: D