Question 16 - IT Risk Fundamentals discussion

In the context of enterprise risk management (ERM), stakeholders play a crucial role in shaping and supporting the risk management framework within the organization. Here is a detailed explanation of the roles and why option A is the correct answer:

Option A: Stakeholders set direction and provide support for risk management practices

This option accurately describes the overarching role of stakeholders in ERM. Stakeholders, including senior management and the board of directors, are responsible for establishing the risk management policies and frameworks. They provide the necessary resources, guidance, and oversight to ensure that risk management practices are integrated into the organizational processes. This support is essential for creating a risk-aware culture and for ensuring that risk management objectives align with the business goals.

Option B: Stakeholders are accountable for all risk management activities within an enterprise

This statement is overly broad. While stakeholders are accountable for ensuring that a robust risk management framework is in place, the actual execution of risk management activities is typically the responsibility of designated risk management teams and individual business units.

Option C: Stakeholders are responsible for protecting enterprise assets to achieve business objectives

Although stakeholders have a role in protecting enterprise assets, this responsibility is more specific and does not encompass the broader role of setting direction and providing support for the overall risk management framework.

Conclusion: Option A correctly captures the essential role of stakeholders in ERM, which involves setting the strategic direction for risk management and providing the necessary support to implement and maintain effective risk management practices.