Isaca Certified in the Governance of Enterprise IT Exam CGEIT Question # 191 Topic 20 Discussion
A newly hired IT director of a large international enterprise has been asked to provide periodic updates regarding IT risk to the board. Which of the following is the MOST effective way to initially address this request?
A. Include a complete IT risk register in the monthly letter given to each board member.
B. Include key IT risks in a dashboard submitted to the board quarterly.
C. Submit a register of all IT audit findings to board members monthly.
D. Schedule quarterly meetings to discuss all open IT risks.
Correct answer: B. According to the ISACA paper "Tactics for Effectively Communicating Cybersecurity Risk to Boards of Directors", the most effective way to initially address a request for periodic IT risk updates to the board is to include key IT risks in a dashboard submitted to the board quarterly. A dashboard is a visual tool that helps board members quickly understand the current status and trends of IT risk, as well as the actions taken or planned to mitigate them. It should be concise, clear, consistent and relevant, highlighting the most significant IT risks that could affect the enterprise's objectives and performance. It should also align with the enterprise's risk appetite and tolerance and provide recommendations for improvement or escalation. The other options are less effective for the board's needs: a complete risk register (A) is too detailed and monthly delivery is too frequent for board-level oversight; a register of audit findings (C) is too narrow and reactive, since audit findings are only a subset of IT risk; and quarterly meetings to discuss all open IT risks (D) are again too detailed, as the board should focus on key risks rather than every open item.