A regulatory audit assessed an enterprise's main transactional application as noncompliant. In addition to fines and required corrections, an agreement was reached to implement a set of governance controls over IT.
Accountability for these controls is BEST assigned to which of the following?

It has been discovered that multiple business units across an enterprise are using duplicate IT applications and services to fulfill their individual needs. Which of the following would be MOST helpful to address this concern?

Which of the following components of COSO ERM framework encompasses the nature of an enterprise, and sets the basis for how risk is viewed and addressed by an organization people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which it operates?

Which of the following areas tracks the project delivery, and monitors the IT services?

Jenny is the project manager for the NBT projects. She is working with the project team and several subject matter experts to perform the quantitative risk analysis process.
During this process she and the project team uncover several risks events that were not previously identified. What should Jenny do with these risk events?