The PRIMARY goal of a corporate risk management program is to ensure that an organization’s:
A.
IT assets in key business functions are protected.
B.
business risks are addressed by preventive controls.
C.
stated objectives are achievable.
D.
IT facilities and systems are always available.
Explanation:
Risk management’s primary goal is to ensure an organization maintains the ability to achieve its
objectives. Protecting IT assets is one possible goal as well as ensuring infrastructure and
systems availability. However, these should be put in the perspective of achieving an
organization’s objectives. Preventive controls are not always possible or necessary; risk
management will address issues with an appropriate mix of preventive and corrective controls.