CISA Certified Information Systems Auditor – Question0492

Which of the following is necessary for the effective risk management in IT governance?

A.
Risk evaluation is embedded in management processes
B. Risk management strategy is approved by the audit committee
C. Local managers are solely responsible for risk evaluation
D. IT risk management is separate from corporate risk management

Correct Answer: A