An IT governance committee is defining a risk management policy for a portfolio of IT-enabled investments. Which of the following should be the PRIMARY consideration when developing the policy? 

Answer options:

A. Risk appetite of the enterprise
B. Risk management framework
C. Value obtained with minimum risk
D. Possible investment failures

B