CGEIT : Certified in the Governance of Enterprise IT : Part 04

  1. An enterprise’s board of directors can BEST manage enterprise risk by:

    • mandating board-approved enterprise risk management (ERM) modifications.
    • requiring the establishment of an enterprise-wide program management office.
    • ensuring the cost-effectiveness of the internal control system.
    • requiring the establishment of an enterprise risk management (ERM) framework.

    Explanation:

    Reference: https://www.coso.org/documents/COSOBoardsERM4pager-FINALRELEASEVERSION82409_001.pdf

  2. An IT investment review board wants to ensure that IT will be able to support business initiatives. Each initiative is comprised of several interrelated IT projects. Which of the following would help ensure that the initiatives meet their goals?

    • Verification of initiatives against the architecture
    • Review of the business case for each initiative
    • Establishment of portfolio management
    • Review of project management methodology
    Explanation:

    Reference: https://www.pmi.org/learning/library/proven-project-portfolio-management-process-8503

  3. Which of the following is MOST critical to support IT governance cultural changes within an organization?

    • IT governance process manuals
    • Regularly scheduled governance training
    • Demonstrated management commitment
    • Established IT monitoring and measuring

  4. An enterprise has decided to use third-party software for a business process which is hosted and supported by the same third party. The BEST way to provide quality of service oversight would be to establish a process:

    • to qualify service providers.
    • for enterprise architecture updates.
    • for robust change management.
    • for periodic service provider audits.

  5. In a successful enterprise that is profitable in its marketplace and consistently growing in size, the non-IT workforce has grown by 50% in the last two years. The demand for IT staff in the marketplace is more than the supply, and the enterprise is losing staff to rival organizations. Due to the rapid growth, IT has struggled to keep up with the enterprise, and IT procedures and associated job roles are not well-defined. The MOST critical activity for reducing the impact caused by IT staff turnover is to:

    • outsource the IT operation.
    • increase compensation for IT staff.
    • hire temporary staff.
    • document processes and procedures.

  6. A business has outsourced IT operations to several third-party providers, but service level agreements (SLAs) are not clearly defined in all cases. Which of the following is the GREATEST risk to the business?

    • Third parties could provide overlapping services.
    • Quality of services is not enforceable.
    • The scope of work is not clearly defined.
    • Costs are not measurable.

  7. A large enterprise has been experiencing high turnover of skilled IT personnel, resulting in a significant loss of knowledge within the IT department. Which of the following should be done FIRST to address this problem?

    • Conduct a survey of current IT staff.
    • Revise the IT resource management plan.
    • Update human resources policies and practices.
    • Develop an incentive scheme for IT employees.

  8. A newly established IT steering committee is concerned whether or not a system is meeting availability objectives. Which of the following will provide the BEST information to make an assessment?

    • Critical success factors
    • Balanced scorecard
    • Performance indicators
    • Capability maturity levels

  9. Following a major IT incident that resulted in a loss to the enterprise, a CIO is preparing for a meeting with the board of directors to discuss what may have failed internally. Which of the following should the CIO do FIRST to provide assurance to the board?

    • Review the IT control environment.
    • Ensure IT and enterprise risk management alignment.
    • Review the incident response policy.
    • Verify continuous monitoring is being performed.

  10. A newly appointed CIO has issued a new IT strategic plan. Which of the following would be the MOST effective way for the CIO to ensure the IT management team is held accountable for the delivery of the plan?

    • Provide management training on IT strategic objectives.
    • Revise the managers’ performance goals to include key objectives.
    • Enforce disciplinary action for managers if the plan is not delivered.
    • Update the IT balanced scorecard with key objectives.

  11. Which of the following is the PRIMARY ongoing responsibility of the IT governance function related to risk?

    • Responding to and controlling all IT risk events
    • Verifying that all business units have staff skilled at assessing risk
    • Communicating the enterprise risk management plan
    • Ensuring IT risk management is aligned with business risk appetite

  12. Which of the following is the BEST outcome measure to determine the effectiveness of IT risk management processes?

    • Time lag between when IT risk is identified and the enterprise’s response
    • Percentage of business users satisfied with the quality of risk training
    • Frequency of updates to the IT risk register
    • Number of events impacting business processes due to delays in responding to risks

  13. The BEST way for a CIO to monitor the alignment between the business and IT strategy is to regularly review:

    • IT services supporting business processes.
    • the balanced scorecard.
    • key risk indicators (KRIs).
    • the risk register.

  14. Which of the following is PRIMARILY achieved through performance measurement?

    • Process improvement
    • Benefit realization
    • Cost efficiency
    • Transparency

  15. While assessing the feasibility of introducing new IT practices and standards into the IT governance framework, it is CRITICAL to understand an organization’s:

    • maturity of IT processes.
    • culture.
    • enterprise architecture.
    • level of outsourcing.

  16. A new IT initiative is delivered successfully. Which of the following should be updated to reflect the new technology?

    • Balanced scorecard
    • IT strategy
    • IT tactical plan
    • Enterprise architecture

  17. The MOST beneficial aspect of utilizing an IT risk management framework is that it:

    • addresses a lack of data in risk reporting.
    • facilitates the identification of technologies posing the greatest risk to IT.
    • enables a consistent approach to risk management.
    • drives inclusion of the technology function in enterprise risk management.

  18. When defining an enterprise governance framework, the PRIMARY determination of the degree to which the framework is principle-based or policy-based is:

    • enterprise architecture framework.
    • organizational decision-making style.
    • IT process maturity.
    • organizational structure.

    Explanation:

    Reference: https://www.isaca.org/resources/isaca-journal/past-issues/2013/it-policy-framework-based-on-cobit-5

  19. A company is considering selling products online, and the CIO has been asked to advise the board of directors of potential problems with this strategy. Which of the following would be the CIO’s BEST course of action?

    • Perform a risk assessment.
    • Review the security framework.
    • Conduct a return on investment analysis.
    • Review the enterprise architecture.

  20. After shifting from lease to purchase of IT infrastructure and software licenses, an enterprise has to pay for unexpected lease extensions causing significant cost overruns. The BEST direction for the IT steering committee would be to establish:

    • a program to annually review financial policy on overruns.
    • an end-of-life program to remove aging infrastructure from the environment.
    • budget cuts to compensate for the cost overruns.
    • a policy to consider total cost of ownership in investment decisions.