To manage IT-related risk throughout the enterprise, it is crucial to establish an enterprise risk governance committee. This committee provides oversight and direction for the risk management activities across the organization. It ensures that risks are identified, assessed, and managed in alignment with the organization's risk appetite and strategy. The committee typically includes senior executives and stakeholders who can influence policy and resource allocation. This structure supports a comprehensive approach to risk management, integrating risk considerations into decision-making processes. This requirement is in line with guidance from frameworks such as COBIT and ISO 27001, which emphasize governance structures for effective risk management​​​​.