Which of the following enterprise risk management concepts is MOST important to fully understand prior to finalizing the design of an IT governance system?
Which of the following enterprise risk management concepts is MOST important to fully understand prior to finalizing the design of an IT governance system?
Understanding the enterprise's risk appetite is most important before finalizing the design of an IT governance system. Risk appetite refers to the amount of risk an organization is willing to accept in pursuit of its objectives. It's a fundamental concept in ensuring that the governance system aligns with the organization's overall strategy and risk management approach. Without a clear understanding of risk appetite, it would be challenging to design a governance system that appropriately addresses and manages risks.
Ans B is correct Figure 7.2 Governance System Design Flow, Page47, COBIT 2019 Framework Introduction and Methodology
p.42: Figure 7.2, 2.3
Step 1 understand enterprise context & strategy of design has a step for "understand risk profile"