Exam CISA
Question 735

Which of the following is the BEST approach for determining the overall IT risk appetite of an organization when business units use different methods for managing IT risks?

Correct Answer: C

The best approach for determining the overall IT risk appetite of an organization when business units use different methods for managing IT risks is to establish global IT risk scoring criteria. This ensures a consistent, standardized way to measure and compare IT risks across the entire organization, which enables a cohesive and comprehensive understanding of the overall IT risk appetite.

Discussion
ziutek_ Option: C

I would go with C here

Swallows Option: D

Prioritizing risks for IT risk scenarios across the organization allows you to understand which risks have the most impact and how much they affect the strategic risk objectives of the organization. This allows you to effectively prioritize risk management and allocate resources. Therefore, prioritizing IT risk scenarios across the organization is more appropriate for determining the overall IT risk tolerance of the organization than simply averaging the IT risk levels of each business unit or identifying the highest rating. This allows risk management to be aligned with the strategic risk objectives of the organization.

3008 Option: C

C is correct.