Question 2
Domain 1 — Governance and Risk Management Frameworks
What is the purpose of a risk governance maturity model?
Correct answer: B
Explanation
A risk governance maturity model is used to measure how developed an organization’s risk governance practices are and to identify gaps for improvement. It helps assess and improve the sophistication of risk governance practices by showing the current level of maturity and the steps needed to advance.
Why each option is right or wrong
A. To eliminate all risks immediately
B. To assess and improve the sophistication of risk governance practices
Risk governance maturity models are designed to benchmark an organization’s current risk governance capability against defined stages of development, typically from ad hoc or basic controls through to optimized, integrated oversight. The model is used to identify gaps, prioritize enhancements, and track progress over time, so the focus is on evaluating the sophistication of governance practices and guiding improvement rather than performing a one-time risk measurement.
C. To replace risk assessments
D. To avoid board involvement