Following a major IT incident that resulted in a loss to the enterprise, a CIO is preparing for a meeting with the board of directors to discuss what may have failed internally. Which of the following should the CIO do FIRST to provide assurance to the board? 

Answer options:

A. Review the IT control environment.
B. Ensure IT and enterprise risk management alignment.
C. Review the incident response policy.
D. Verify continuous monitoring is being performed.

B