Understanding the Question:
The question asks what best enables the integration of IT risk management across an organization.
Analyzing the Options:
A. Enterprise risk management (ERM) framework:Provides a comprehensive approach to integrating risk management across the entire organization.
B. Enterprise-wide risk awareness training:Important for education but doesn't ensure integration.
C. Robust risk reporting practices:Crucial for communication but not integration.
D. Risk management policies:Necessary but need to be part of an overall framework for effective integration.
ERM Framework:An ERM framework ensures that risk management practices are standardized and integrated throughout the organization. It aligns risk management with business objectives, ensuring that IT risk is considered within the broader context of enterprise risk.
Comprehensive Approach:ERM covers all aspects of risk, including IT, and facilitates a unified approach to managing risk across all departments and levels.
[References:, CRISC Review Manual, Chapter 1: Governance, details the role of an ERM framework in integrating risk management practices across an organization., , , , , , , , , , , , ]
