An enterprise wishes to establish key risk indicators (KRIs) in an effort to better manage IT risk. Which of the following should be identified FIRST?
Walter is the project manager of a large construction project. He'll be working with several vendors on the project. Vendors will be providing materials and labor for several parts of the project. Some of the works in the project are very dangerous so Walter has implemented safety requirements for all of the vendors and his own project team.
Stakeholders for the project have added new requirements, which have caused new risks in the project. A vendor has identified a new risk that could affect the project if it comes into fruition. Walter agrees with the vendor and has updated the risk register and created potential risk responses to mitigate the risk. What should Walter also update in this scenario considering the risk event?
A board of directors wants to ensure the enterprise is responsive to changes in its environment that would directly impact critical business processes. Which of the following will BEST facilitate meeting this objective?
Which of the following is the BEST method for determining an enterprise's current appetite for risk?
Which of the following is the PRIMARY ongoing responsibility of the IT governance function related to risk?
