Which of the following is the PRIMARY ongoing responsibility of the IT governance function related to risk? 

Answer options:

A. Responding to and controlling all IT risk events
B. Verifying that all business units have staff skilled at assessing risk
C. Communicating the enterprise risk management plan
D. Ensuring IT risk management is aligned with business risk appetite

C