CGEIT : Certified in the Governance of Enterprise IT : Part 06

  1. During the implementation phase of a central ERP system, a project manager identifies a significant lack of human capabilities to support the system. The issue is reported to the project sponsor, and the sponsor sends a request for an increase in the budget to the IT steering committee. What should be the IT steering committee’s FIRST action?

    • Require a revised business case.
    • Approve the budget request.
    • Provide appropriate training.
    • Refer back to the project sponsor for resolution.
  2. For a large enterprise, which of the following is the BEST indicator that IT governance has a poor reputation?

    • Regulatory noncompliance
    • Low attendance at strategy committee meetings
    • High turnover of IT staff
    • Data leakage
  3. An enterprise has committed to the implementation of a new IT governance model. The BEST way to begin this implementation is to:

    • prioritize how much and where to invest in IT.
    • identify the role of IT in supporting the business.
    • define policies for data, applications, and organization of infrastructure.
    • identify IT services that currently support the enterprise’s capability.
  4. Which of the following is the PRIMARY role of the CEO in IT governance?

    • Evaluating return on investment
    • Managing the risk governance process
    • Establishing enterprise strategic goals
    • Nominating IT steering committee membership

    Explanation:

    Reference: https://corporatefinanceinstitute.com/resources/careers/jobs/what-is-a-ceo-chief-executive-officer/

  5. Which of the following is a PRIMARY responsibility of the CIO when an enterprise plans to replace its enterprise resource applications?

    • Ensuring IT architecture requirements are considered
    • Selecting and vetting application vendors
    • Determining critical success factors for related projects
    • Establishing software quality criteria
  6. Upcoming IT-related regulations carry costly penalties for an enterprise. The issuing regulatory agency has a history of weak enforcement. The IT steering committee should FIRST direct management to:

    • update the enterprise architecture (EA).
    • perform benchmarking activities.
    • evaluate the impact of the emerging risk.
    • develop mitigation plans for noncompliance.
  7. When establishing a methodology for business cases, it would be MOST beneficial for an enterprise to include procedures for:

    • addressing required changes outside the business case.
    • updating the business case throughout its life cycle.
    • identifying metrics post-implementation to measure project success.
    • entering the business case into the enterprise architecture.
  8. The PRIMARY focus of a committee tasked with evaluating an IT project portfolio should be to ensure:

    • a consistent estimation methodology is leveraged.
    • the enterprise strategy is updated.
    • consistent selection criteria are applied.
    • an industry standard capability maturity model is used.
  9. Which of the following issues identified during an IT review is MOST important to address to improve the alignment between the business and IT?

    • Services in the IT portfolio are not traceable to the IT strategy.
    • IT strategy reviews are conducted only after business strategy changes.
    • Business satisfaction surveys are not conducted regularly.
    • IT dashboards have not been established.
  10. Which of the following is the MOST effective means for IT management to report to executive management regarding the value of IT?

    • IT process maturity level
    • Resource assessment
    • Balanced scorecard
    • Cost-benefit analysis
  11. When determining the desired maturity levels for IT governance processes, it is MOST important to:

    • ensure that maturity can be achieved at the lowest cost.
    • ensure target levels are in line with external competitor benchmarks.
    • agree on target levels in response to need.
    • focus on existing strengths as key drivers for the target levels.
  12. Which of the following is the MOST important reason for selecting IT key risk indicators (KRIs)?

    • Enabling comparison against similar IT KRIs
    • Increasing the probability of achieving IT goals
    • Assessing the current IT controls model
    • Demonstrating the effectiveness of IT risk policies
  13. Which of the following would BEST help a CIO enhance the competencies of an IT business analytics team?

    • Understanding current staff skill sets and identifying gaps
    • Defining the IT architecture and identifying training areas
    • Creating operational processes and identifying resources
    • Establishing team goals and identifying the proper structure
  14. The BEST way to ensure an IT steering committee meets enterprise objectives is to:

    • have key business stakeholders represented on the committee.
    • establish key performance indicators (KPIs).
    • require a member of the committee to have IT governance expertise.
    • benchmark against industry best practices.
  15. Which of the following is the MOST important input for the development of a human resources strategy to address IT skill gaps?

    • Technology direction of the enterprise
    • Training budget allocated for IT staff
    • A recent IT skills matrix
    • Training effectiveness reports
  16. A hospital’s executive steering committee is concerned about the increasing number of cyber attacks on patient data systems across the industry. The committee has asked the CIO to provide regular reporting with information that will help provide better oversight of cyber-related risk to the hospital. Including which of the following in the report would be MOST helpful to the committee?

    • Status of key risk indicators
    • Current business impact levels
    • IT operations gap assessment
    • Cybersecurity risk benchmarks
  17. Which of the following is the BEST way to provide effective IT risk management?

    • Implementing a cost-effective mitigation program
    • Appointing a chief risk officer
    • Embedding risk management in operations
    • Establishing an incident management program
  18. Maintaining a list of all potential IT initiatives for implementing the business strategy should be the responsibility of the:

    • portfolio management function.
    • individual business units.
    • chief executive officer (CEO).
    • chief operating officer (COO).
  19. A large enterprise has decided to use an emerging technology that needs to be integrated with the current IT infrastructure. Which of the following is the BEST way to prevent adverse effects to the enterprise resulting from the new technology?

    • Develop key risk indicators (KRIs).
    • Develop key performance indicators (KPIs).
    • Implement service level agreements (SLAs).
    • Update the risk appetite statement.
  20. An enterprise recognizes that a large percentage of its IT employees are eligible for retirement in the next five years. A significant amount of institutional knowledge resides with retirement-eligible staff. From the board’s perspective, which of the following is the GREATEST concern for the enterprise in this situation?

    • Service delivery to the business
    • Loss of key IT personnel
    • Lack of timeline for succession plan
    • Lack of process documentation