CISSP PRACTICE QUESTIONS – 20201008

Effective CISSP Questions

Which of the following is least likely to be delegated to the board-level governance committee?
A. Nominate a slate of qualified board members
B. Govern enterprise risk management
C. Establish succession planning for officers
D. Conduct audits independently


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Conduct audits independently.

Committee Charter

Various committees can be created under the board of directors. A committee charter should define, among other things, the committee's mission, authority, roles and responsibilities, and composition. A committee can be created to do whatever the charter authorizes.

For example, a governance committee may be authorized to nominate a slate of qualified board members, govern enterprise risk management, or establish succession planning for officers. However, some boards may create a nomination committee to nominate director candidates, a risk management committee to manage risk, a strategy development committee to formulate strategies, and so forth.

Audit Committee

Not all boards have a governance committee, but almost all boards set up an audit committee to comply with legal and regulatory requirements. An audit committee typically oversees the performance of the organization’s independent auditor (e.g., CPA) and internal audit function, rather than conducting audits itself.

My book, The Effective CISSP: Security and Risk Management, has more details.


A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.


