Comprehensive and Detailed Explanation:
The CGEIT Review Manual 8th Edition, in its Governance of Enterprise IT domain, addresses compliance with regulatory requirements as a key governance responsibility. Determining compliance priorities involves understanding legal obligations, assessing their impact, and aligning them with business objectives.
Option A: Legal counsel is best suited to determine compliance priorities. Legal counsel has the expertise to interpret regulatory requirements, assess their applicability, and prioritize them based on legal risks, penalties, and business impact. For example, they can identify which regulations (e.g., GDPR, HIPAA) pose the greatest risk of fines or reputational damage and recommend prioritization. The manual likely references COBIT 2019’s MEA01-Monitor, Evaluate, and Assess Performance and Conformance, which includes legal compliance as a governance responsibility.
Option B: The IT risk department focuses on IT-specific risks, not broader regulatory compliance, and lacks legal expertise.
Option C: The audit department evaluates compliance post-implementation but isn’t responsible for prioritizing regulatory requirements.
Option D: Business units are stakeholders but lack the legal knowledge to prioritize regulations effectively.
Double Verification: The answer aligns with COBIT’s governance processes and the CGEIT domain’s emphasis on compliance management. Legal counsel’s role in regulatory interpretation is a standard practice in ISACA’s frameworks.
ISACA CGEIT Review Manual 8th Edition, Domain 1: Governance of Enterprise IT (focus on compliance management).
COBIT 2019, MEA01-Monitor, Evaluate, and Assess Performance and Conformance.
ISACA Glossary (for definitions of compliance), available at https://www.isaca.org/resources/glossary.