Discover key insights into effective risk management in IT governance for the CISA Exam. Understand why risk evaluation should be embedded in management processes.
Table of Contents
Question
Which of the following is necessary for effective risk management in IT governance?
A. Local managers are solely responsible for risk evaluation.
B. Risk management strategy is approved by the audit committee.
C. Risk evaluation is embedded in management processes.
D. IT risk management is separate from corporate risk management.
Answer
C. Risk evaluation is embedded in management processes.
Explanation
Effective risk management in IT governance requires that risk evaluation be an integral part of all management processes. This ensures that risks are identified and addressed as part of the decision-making process.
Reference
Isaca Certified Information Systems Auditor CISA certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Isaca Certified Information Systems Auditor CISA exam and earn Isaca Certified Information Systems Auditor CISA certification.