How does COBIT assist in risk management?

COBIT assists in risk management by providing a structured framework of objectives and practices that specifically aim to identify, assess, and mitigate IT-related risks. Instead of attempting to eliminate all risks entirely, which is often impractical, COBIT focuses on establishing a governance framework that includes risk management as a critical component. This involves defining clear goals, metrics, and controls to help organizations understand their risk posture, prioritize risks based on their potential impact, and implement appropriate responses to reduce and control those risks.

Additionally, COBIT emphasizes the importance of aligning IT risk management with overall business objectives, ensuring that risks are managed in a way that supports organizational goals and enhances decision-making. This guiding framework empowers organizations to adopt a proactive rather than reactive approach to risk management, facilitating better resource allocation and risk awareness across all stakeholders involved in IT governance.

The other options either misinterpret the role of COBIT or present an incomplete view of risk management, which is why they are not applicable.