Isaca IT Risk Fundamentals Exam - Topic 4 Question 27 Discussion

Actual exam question for Isaca's IT Risk Fundamentals exam
Question #: 27
Topic #: 4

Of the following, which stakeholder group is MOST often responsible for risk governance?

Suggested Answer: A

The board of directors is ultimately accountable for risk governance. While ERM, business units, and IT management all play crucial roles in managing risk, the governance of risk (setting the overall risk appetite, defining roles and responsibilities, and monitoring the effectiveness of risk management) rests with the board. They provide oversight and direction, ensuring that risk management is integrated with the organization's strategic objectives. The board's responsibility stems from their fiduciary duty to the organization and its stakeholders. They are responsible for the overall success and sustainability of the enterprise, which includes effectively managing risks.


Contribute your Thoughts:

Ryan
17 days ago
I feel like business units might have some responsibility too, but I can't recall if they are the most responsible group.
upvoted 0 times
Marsha
22 days ago
I remember a practice question where it mentioned that the board has ultimate responsibility, but ERM is crucial for implementing the risk strategy.
upvoted 0 times
Gladys
27 days ago
I think the board of directors is usually the one that oversees risk governance, but I'm not entirely sure if ERM plays a bigger role in some organizations.
upvoted 0 times