Which of the following is necessary for the effective risk management in IT governance?

Risk evaluation is embedded in management processes

Risk management strategy is approved by the audit committee

Local managers are solely responsible for risk evaluation

IT risk management is separate from corporate risk management