Which of the following statements are NOT requirements of governance and enterprise risk management in a cloud environment?
In the context of governance and enterprise risk management in a cloud environment, it is essential to inspect and account for risks, respect interdependencies of risks, communicate corporate risk posture, and provide transparency to stakeholders. However, negotiating long-term contracts with companies using well-vetted software to avoid the transient nature of the cloud environment is not a fundamental requirement. Governance and risk management focus on continuous assessment and management of risks rather than static long-term contractual solutions.
The statement that is NOT a requirement of governance and enterprise risk management in a cloud environment is: C. Negotiate long-term contracts with companies who use well-vetted software application to avoid the transient nature of the cloud environment. While negotiating long-term contracts and using well-vetted software applications can be strategies organizations employ in a cloud environment, it is not specifically a requirement of governance and enterprise risk management. The other statements mentioned, A, B, and D, align with the requirements of governance and enterprise risk management in a cloud environment, which involve inspecting and accounting for risks, respecting interdependencies, communicating risk posture, and providing transparency to stakeholders.
The answer is E, as both B and C are correct. Regarding B, we do not have to 'Respect' the interdependencies but can also evaluate to mitigate the risk as well. It is based on a risk assessment whether to 'respect' them, which is equivalent to accepting them and doing nothing, or to identify mitigating controls and reduce the risk exposure. The resultant residual risk and health of mitigating controls can be reported to the management.