A newly established IT steering committee is concerned whether a system is meeting availability objectives.
Which of the following will provide the BEST information to make an assessment?
- A . Balanced scorecard
- B . Capability maturity levels
- C . Performance indicators
- D . Critical success factors (CSFs)
Which of the following is the BEST method to monitor IT governance effectiveness?
- A . Service level management
- B . Balanced scorecard
- C . Risk control self-assessment (CSA)
- D . SWOT analysis
An IT audit reveals inconsistent maintenance of data privacy in enterprise systems primarily due to a lack of data sensitivity categorizations.
Once the categorizations are defined, what is the BEST long-term strategic response by IT governance to address this problem?
- A . Standardize data classification processes throughout the enterprise.
- B . Incorporate enterprise privacy categorizations into contracts.
- C . Require business impact analyses (BIAs) for enterprise systems.
- D . Reassess the data governance policy.
A new and expanding enterprise has recently received a report indicating 90% of its data has been collected in just the last six months, triggering data breach and privacy concerns.
What should be the IT steering committee’s FIRST course of action to ensure new data is managed effectively?
- A . Mitigate and track data-related issues and risks.
- B . Modify legal and regulatory data requirements.
- C . Define data protection and privacy practices.
- D . Assess the information governance framework.
An enterprise is planning to replace multiple enterprise resource planning (ERP) systems at various regions with one company-wide ERP system. The main objective of this change is to achieve economies of scale efficiencies resulting in cost reductions.
To meet this objective, what is the BEST approach in the planning phase of the project?
- A . Implement an ERP system on shared resources with the lowest cost.
- B . Minimize customization by standardizing ERP processes across regions.
- C . Adopt a best-in-breed web-based architecture for the ERP system.
- D . Use a service provider to evaluate and implement the new ERP processes.
While monitoring an enterprise’s IT projects portfolio, it is discovered that a project is 75% complete, but all budgeted resources have been expended.
Which of the following is the MOST important task to perform?
- A . Review the IT investments.
- B . Reorganize the IT projects portfolio.
- C . Re-evaluate the business case.
- D . Review the IT governance structure.
Six months ago, an enterprise’s CIO reorganized IT to improve service delivery to the business.
Which of the following would BEST demonstrate the effectiveness of the reorganization?
- A . The number of help desk calls
- B . A balanced scorecard
- C . A survey of IT staff
- D . IT cost reduction
An enterprise is evaluating a possible strategic initiative for which IT would be the main driver. There are several risk scenarios associated with the initiative that have been identified.
Which of the following should be done FIRST to facilitate a decision?
- A . Define the risk mitigation strategy.
- B . Assess the impact of each risk.
- C . Establish a baseline for each initiative.
- D . Select qualified personnel to manage the project.
Enterprise IT has overseen the implementation of an array of data services with overlapping functionality leading to business inefficiencies.
Which of the following is the MOST likely cause of this situation?
- A . Insufficient information architecture
- B . Ineffective project management
- C . An outdated service level agreement (SLA)
- D . An incomplete cost-benefit analysis
Which of the following would be the BEST way to facilitate the adoption of strong IT governance practices throughout a multi-divisional enterprise?
- A . Ensuring each divisional policy is consistent with corporate policy
- B . Ensuring divisional governance fosters continuous improvement processes
- C . Mandating data standardization across the distributed enterprise
- D . Documenting and communicating key management practices across divisions
An enterprise considers implementing a system that uses a technology that is not in line with its IT strategy. The business case indicates significant benefit to the enterprise.
Which of the following is the BEST way to manage this situation within an IT governance framework?
- A . Update the IT strategy to align with the new technology.
- B . Initiate an operational change request.
- C . Reject based on non-alignment.
- D . Address as part of an architecture exception process.
Which of the following groups should approve the implementation of new technology?
- A . IT steering committee
- B . IT audit department
- C . Portfolio management office
- D . Program management office
A regulatory audit assessed an enterprise’s main transactional application as noncompliant. In addition to fines and required corrections, an agreement was reached to implement a set of governance controls over IT.
Accountability for these controls is BEST assigned to which of the following?
- A . CIO
- B . Internal audit director
- C . Application users
- D . The board of directors
An enterprise can BEST assess the benefits of a new IT project through its life cycle by:
- A . calculation of the total cost of ownership.
- B . periodic review of the business case.
- C . periodic measurement of the project slip rate.
- D . calculation of the net present value (NPV).
The PRIMARY reason for an enterprise to adopt an IT governance framework is to:
- A . assure IT sustains and extends the enterprise strategies and objectives.
- B . expedite IT investments among other competing business investments.
- C . establish IT initiatives focused on the business strategy.
- D . allow IT to optimize confidentiality, integrity, and availability of information assets.
Which of the following is the BEST approach when reviewing the security status of a new business acquisition?
- A . Embed IT risk management strategies in service level agreements (SLAs).
- B . Establish a committee to oversee the alignment of IT security in new businesses.
- C . Incorporate IT security objectives to cover additional risks associated with new businesses.
- D . Integrate IT risk assessment into the overall due diligence process.
The board of directors of an enterprise has approved a three-year IT strategic program to centralize the core business processes of its global entities into one core system.
Which of the following should be the CIO’s NEXT step?
- A . Engage a team to perform a business impact analysis (BIA).
- B . Require the development of a risk management plan.
- C . Determine resource requirements for program implementation.
- D . Require the development of a program roadmap.
Which of the following is the MOST important driver of IT governance?
- A . Effective internal controls
- B . Management transparency
- C . Quality measurement
- D . Technical excellence
A global enterprise is experiencing an economic downturn and is rapidly losing market share. IT senior management is reassessing the core activities of the business, including IT, and the associated resource implications. Management has decided to focus on its local market and to close international operations. A critical issue from a resource management perspective is to retain the most capable staff.
This is BEST achieved by:
- A . reviewing current goals-based performance appraisals across the enterprise.
- B . ranking employees across the enterprise based on their compensation.
- C . ranking employees across the enterprise based on length of service.
- D . retaining capable staff exclusively from the local market.
An IT steering committee is presented with an audit finding that new software applications are delivered on time but consistently have unacceptable levels of defects.
Which of the following would be the BEST direction from the committee?
- A . Implement performance indicators.
- B . Evaluate the change management process.
- C . Establish code peer reviews.
- D . Evaluate the quality assurance process.
A CIO is concerned with the potential of vendor system failures that could cause a large amount of unintended system downtime.
To determine how to prepare for this concern, what is MOST important for the CIO to review?
- A . IT balanced scorecard
- B . Service-level metrics
- C . IT procurement policy
- D . Business impact analysis (BIA)
The BEST way to manage continuous improvement of governance-related processes is to:
- A . assess existing process resource capacities.
- B . define accountability based on roles and responsibilities.
- C . apply effective quality management practices.
- D . require third-party independent reviews.
Which of the following would BEST enable business innovation through IT?
- A . Outsourcing of IT to a strategic business partner
- B . Business participation in IT strategy development
- C . Adoption of a standardized business development life cycle
- D . IT participation in business strategy development
Acceptance of an enterprise’s newly implemented IT governance initiatives has been resisted by a functional group requesting more autonomy over technology choices.
Which of the following is MOST important to accommodate this need for autonomy?
- A . Continuous improvement processes
- B . Documentation of key management practices
- C . An exception management process
- D . A change control process
A board of directors wants to ensure the enterprise is responsive to changes in its environment that would directly impact critical business processes.
Which of the following will BEST facilitate meeting this objective?
- A . Scheduling frequent threat analyses
- B . Monitoring key risk indicators (KRIs)
- C . Regularly reviewing the enterprise risk appetite
- D . Implementing a competitive intelligence tool
An enterprise has established a new department to oversee the life cycle of activities that support data management objectives.
Which of the following should be done NEXT?
- A . Develop a business continuity plan (BCP).
- B . Assess the current data business model.
- C . Review data privacy requirements.
- D . Establish a RACI chart.
Which of the following is the MOST important attribute of an information steward?
- A . The information steward manages the systems that process the relevant data.
- B . The information steward has expertise in managing data quality systems.
- C . The information steward is closely aligned with the business function.
- D . The information steward is part of the information architecture group.
From a governance perspective, which of the following roles is MOST important for an enterprise to keep in-house?
- A . Information auditor
- B . Information architect
- C . Information steward
- D . Information analyst
An enterprise learns that a new privacy regulation was recently published to protect customers in the event of a breach involving personally identifiable information (PII).
The IT risk management team’s FIRST course of action should be to:
- A . evaluate the risk appetite for the new regulation.
- B . define the risk tolerance for the new regulation.
- C . determine if the new regulation introduces new risk.
- D . assign a risk owner for the new regulation.
An enterprise has decided to utilize a cloud vendor for the first time to provide email as a service, eliminating in-house email capabilities.
Which of the following IT strategic actions should be triggered by this decision?
- A . Develop a data protection awareness education training program.
- B . Monitor outgoing email traffic for malware.
- C . Implement a data classification and storage management tool.
- D . Update and communicate data storage and transmission policies.
Which of the following components of a policy BEST enables the governance of enterprise IT?
- A . Disciplinary actions
- B . Regulatory requirements
- C . Roles and responsibilities
- D . Terms and definitions
An enterprise has made the strategic decision to reduce operating costs for the next year and is taking advantage of cost reductions offered by an external cloud service provider.
Which of the following should be the IT steering committee’s PRIMARY concern?
- A . Revising the business balanced scorecard
- B . Updating the business risk profile
- C . Changing the IT steering committee charter
- D . Calculating the cost of the current solution
An IT investment review board wants to ensure that IT will be able to support business initiatives. Each initiative is comprised of several interrelated IT projects.
Which of the following would help ensure that the initiatives meet their goals?
- A . Review of project management methodology
- B . Review of the business case for each initiative
- C . Establishment of portfolio management
- D . Verification of initiatives against the architecture
It has been discovered that multiple business units across an enterprise are using duplicate IT applications and services to fulfill their individual needs.
Which of the following would be MOST helpful to address this concern?
- A . Enterprise architecture (EA)
- B . Enterprise risk framework
- C . IT service management
- D . IT project roadmap
Results of an enterprise’s customer survey indicate customers prefer using mobile applications. However, this same survey shows the enterprise’s mobile applications are considered inferior compared to legacy browser-based applications.
Which of the following should be the FIRST step in creating an effective long-term mobile application strategy?
- A . Establish service level agreements (SLAs) with the development team.
- B . Identify key risks and mitigation strategies for mobile applications.
- C . Implement key performance indicators (KPIs) that include application quality.
- D . Identify business requirements concerning mobile applications.
Which of the following is the GREATEST impact to an enterprise that has ineffective information architecture?
- A . Poor desktop service delivery
- B . Data retention
- C . Redundant systems
- D . Poor business decisions
Of the following, who should be responsible for ensuring the regular review of quality management performance against defined quality metrics?
- A . Process owners
- B . Risk management team
- C . Internal auditors
- D . Executive management
An enterprise experiencing issues with data protection and least privilege is implementing enterprise-wide data encryption in response.
Which of the following is the BEST approach to ensure all business units work toward remediating these issues?
- A . Develop key performance indicators (KPIs) to measure enterprise adoption.
- B . Integrate data encryption requirements into existing and planned projects.
- C . Assign owners for data governance initiatives.
- D . Mandate the creation of a data governance framework.
Senior management wants to promote investment in IT, but is uncertain that associated risks are being properly identified.
The BEST way to address this concern is to:
- A . engage an external consultant to develop risk scenarios.
- B . appoint an IT representative to the business risk committee.
- C . assign an IT cost controller to the finance department.
- D . ensure business cases are developed by IT.
Which of the following represents the GREATEST challenge to implementing IT governance?
- A . Determining the best practice to follow
- B . Planning the project itself
- C . Developing a business case
- D . Applying behavioral change management
Which of the following is the BEST method for making a strategic decision to invest in cloud services?
- A . Prepare a business case.
- B . Prepare a request for information (RFI).
- C . Benchmarking.
- D . Define a balanced scorecard.
An enterprise is developing several consumer-based services using emerging technologies involving sensitive personal data. The CIO is under pressure to ensure the enterprise is first to market, but security scan results have not been adequately addressed.
Reviewing which of the following will enable the CIO to make the BEST decision for the customers?
- A . Acceptable use policy
- B . Risk register
- C . Ethics standards
- D . Change management policy
An organization’s board of directors has questioned the value provided by IT key performance indicators (KPIs).
Which of the following is the BEST way to determine whether the KPIs adequately support organizational objectives?
- A . Define a strategy for IT measurement.
- B . Define policies and procedures around current KPIs.
- C . Review the KPIs with key business executives.
- D . Work directly with the CEO to identify what measures should be used.
Which of the following is PRIMARILY achieved through performance measurement?
- A . Process improvement
- B . Transparency
- C . Cost efficiency
- D . Benefit realization
A large retail chain realizes that while there has not been any loss of data, IT security has not been a priority and should become a key goal for the enterprise.
What should be the FIRST high-level initiative for a newly created IT strategy committee in order to support this business goal?
- A . Identifying gaps in information asset protection
- B . Defining data archiving and retrieval policies
- C . Recruiting and training qualified IT security staff
- D . Modernizing internal IT security practices
Risk management strategies are PRIMARILY adopted to:
- A . avoid risks for business and IT assets.
- B . take necessary precautions for claims and losses.
- C . achieve acceptable residual risk levels.
- D . achieve compliance with legal requirements.
An enterprise made a significant change to its business operating model that resulted in a new strategic direction.
Which of the following should be reviewed FIRST to ensure IT congruence with the new business strategy?
- A . IT risk appetite
- B . Enterprise project management framework
- C . IT investment portfolio
- D . Information systems architecture
A chief technology officer (CTO) wants to ensure IT governance practices adequately address risk management specific to mobile applications.
To create the appropriate risk policies for IT, it is MOST important for the CTO to:
- A . understand the enterprise’s risk tolerance.
- B . create an IT risk scorecard.
- C . map the business goals to IT risk processes.
- D . identify the mobile technical requirements.
A large financial institution is considering outsourcing customer call center operations which will allow the chosen vendor to access systems from offshore locations.
Which of the following represents the GREATEST risk?
- A . Inconsistent customer service and reporting
- B . Loss of data confidentiality
- C . Lack of network availability
- D . Inadequate business continuity planning
An IT director is negotiating a contract with a vendor for application management services. There is concern by other departments that the outsourced services may not be delivered successfully.
Which of the following is the BEST way for the IT director to address this concern?
- A . Implement a communication management plan.
- B . Develop a comprehensive vendor management plan.
- C . Review the IT service risk management plan.
- D . Establish a policy on operational level agreements with vendors.
Which of the following is the BEST IT architecture concept to ensure consistency, interoperability, and agility for infrastructure capabilities?
- A . Establishment of an IT steering committee
- B . Standards-based reference architecture and design specifications
- C . Establishment of standard vendor and technology designations
- D . Design of policies and procedures
A company is considering selling products online, and the CIO has been asked to advise the board of directors of potential problems with this strategy.
Which of the following is the CIO’s BEST course of action?
- A . Review the security framework.
- B . Conduct a return on investment (ROI) analysis.
- C . Review the enterprise architecture (EA).
- D . Perform a risk assessment.
In a large enterprise, which of the following is the MOST effective way to understand the business activities associated with the enterprise’s information architecture?
- A . Reviewing IT design with business process managers
- B . Reviewing business strategy with senior management
- C . Mapping business processes within a framework
- D . Aligning business objectives to organizational strategy
A board of directors is concerned that a major IT implementation has the potential to significantly disrupt enterprise operations.
Which of the following would be MOST helpful in identifying the extent of the potential impact of the disruption?
- A . An analysis of the current enterprise risk appetite
- B . An earned value analysis (EVA) of the implementation
- C . A risk assessment of the implementation
- D . A review of lessons learned from previous implementations
Which of the following is the MOST comprehensive method to report on overall IT performance to the board of directors?
- A . Balanced scorecard
- B . Net present value (NPV)
- C . Performance-based payments
- D . Return on investment (ROI)
A CIO has been asked to modify an organization’s IT performance measurement system to reflect recent changes in technology, including the movement of some data processing to a cloud solution.
Which of the following is the PRIMARY consideration when designing such a measurement system?
- A . Ensuring that cost of measurement and reporting is minimized
- B . Ensuring the measurement system maps to the enterprise architecture (EA)
- C . Adequately defining the scope of services moved to the cloud
- D . Correctly understanding stakeholder needs for IT-related measurement
Which of the following MOST effectively demonstrates operational readiness to address information security risk issues?
- A . Executive management has announced an information security risk initiative.
- B . IT management has communicated the need for information security risk management to the business.
- C . A policy has been communicated stating enterprise commitment and readiness to address information security risk.
- D . Procedures have been established for assessing and mitigating information security risks.
An enterprise’s CIO requires all IT processes within the enterprise to be clearly defined.
Which of the following would be the MOST immediate outcome?
- A . Performance
- B . Repeatability
- C . Scalability
- D . Optimization
Best practice states that IT governance MUST:
- A . enforce consistent policy across the enterprise.
- B . be applied in the same manner throughout the enterprise.
- C . apply consistent target levels of maturity to processes.
- D . be a component of enterprise governance.
The MOST important aspect of an IT governance framework to ensure that IT supports repeatable business processes is:
- A . earned value management.
- B . quality management.
- C . resource management.
- D . risk management.
A new CIO has been charged with updating the IT governance structure.
Which of the following is the MOST important consideration to effectively influence organizational and process change?
- A . Obtaining guidance from consultants
- B . Aligning IT services to business processes
- C . Redefining the IT risk appetite
- D . Ensuring the commitment of stakeholders
The PRIMARY benefit of integrating IT resource planning into enterprise strategic planning is that it enables the enterprise to:
- A . allocate resources efficiently to achieve desired goals.
- B . adjust business goals depending upon resource availability.
- C . prioritize resource allocation based on sourcing strategy.
- D . develop tactical plans to achieve resource optimization.
An enterprise is implementing a new IT governance program.
Which of the following is the BEST way to increase the likelihood of its success?
- A . The IT steering committee approves the implementation efforts.
- B . The CIO communicates why IT governance is important to the enterprise.
- C . Implementation follows an IT audit recommendation.
- D . The CIO issues a mandate for adherence to the program.
Which of the following is the PRIMARY element in sustaining an effective governance framework?
- A . Identification of optimal business resources
- B . Establishment of a performance metric system
- C . Ranking of critical business risks
- D . Assurance of the execution of business controls
A global financial enterprise has been experiencing a substantial number of information security incidents that have directly affected its business reputation.
Which of the following should be the IT governance board’s FIRST course of action?
- A . Require revisions to how security incidents are managed by the IT department.
- B . Request an IT security assessment to identify the main security gaps.
- C . Execute an IT maturity assessment of the security process.
- D . Mandate an update to the enterprise’s IT security policy.
An enterprise has had the same IT governance framework in place for several years. Currently, large and small capital projects go through the same architectural governance reviews. Despite repeated requests to streamline the review process for small capital projects, business units have received no response from IT. The business units have recently escalated this issue to the newly appointed CIO.
Which of the following should be done FIRST to begin addressing business needs?
- A . Create a central repository for the business to submit requests.
- B . Explain the importance of the IT governance framework.
- C . Assess the impact of the proposed change.
- D . Assign a project team to implement necessary changes.
Which of the following is MOST critical for the successful implementation of an IT process?
- A . Process framework
- B . Service delivery process model
- C . Objectives and metrics
- D . IT process assessment
The board of directors has mandated the use of geolocation software to track mobile assets assigned to employees who travel outside of their home country.
To comply with this mandate, the IT steering committee should FIRST request:
- A . the inclusion of mandatory training for remote device users.
- B . an architectural review to determine appropriate solution design.
- C . an assessment to determine if data privacy protection is addressed.
- D . an update to the acceptable use policy.
An analysis of an organization’s security breach is complete. The results indicate that the quality of the code used for updates to its primary customer-facing software has been declining and security flaws were introduced.
The FIRST IT governance action to correct this problem should be to review:
- A . compliance with the user testing process.
- B . the change management control framework.
- C . the qualifications of developers to write secure code.
- D . the incident response plan.
Which of the following is the MOST effective way of assessing enterprise risk?
- A . Business impact analysis (BIA)
- B . Business vulnerability assessment
- C . Likelihood of threat analysis
- D . Operational risk assessment
A CIO must determine if IT staff have adequate skills to deliver on key strategic objectives.
Which of the following will provide the MOST useful information?
- A . Employee performance metrics
- B . Project risk reports
- C . Gap analysis results
- D . Training program statistics
When evaluating benefits realization of IT process performance, the analysis MUST be based on:
- A . key business objectives.
- B . industry standard key performance indicators (KPIs).
- C . portfolio prioritization criteria.
- D . IT risk policies.
Which of the following is the PRIMARY ongoing responsibility of the IT governance function related to risk?
- A . Responding to and controlling all IT risk events
- B . Communicating the enterprise risk management plan
- C . Ensuring IT risk management is aligned with business risk appetite
- D . Verifying that all business units have staff skilled at assessing risk
An enterprise considering implementing IT governance should FIRST develop the scope of the IT governance program and:
- A . initiate the program using an implementation roadmap.
- B . establish initiatives for business and managers.
- C . acquire the resources that will be required.
- D . communicate the program to stakeholders to gain consensus.
Which of the following should be the MAIN reason for an enterprise to implement an IT risk management framework?
- A . The need to enable IT risk-aware decisions by executives
- B . The results of an external audit report concerning IT risk management processes
- C . The need to address market regulations and internal compliance in IT risk
- D . The ability to benchmark IT risk policies against major competitors
An enterprise’s information security function is making changes to its data retention and backup policies.
Which of the following presents the GREATEST risk?
- A . Business data owners were not consulted.
- B . The new policies increase the cost of data backups.
- C . Data backups will be hosted at third-party locations.
- D . The retention period for data backups is increased.
Which of the following would be MOST important to update if a decision is made to ban end user-owned devices in the workplace?
- A . Employee nondisclosure agreement
- B . Enterprise risk appetite statement
- C . Enterprise acceptable use policy
- D . Orientation training materials
Which of the following is the MOST effective way to manage risks within the enterprise?
- A . Assign individuals responsibilities and accountabilities for management of risks.
- B . Make staff aware of the risks in their area and risk management techniques.
- C . Provide financial resources for risk management systems.
- D . Document procedures and reporting processes.
Which of the following is an ADVANTAGE of using strategy mapping?
- A . It provides effective indicators of productivity and growth.
- B . It depicts the maturity levels of processes that support organizational strategy.
- C . It identifies barriers to strategic alignment and links them to specific outcomes.
- D . It depicts the cause-and-effect linked relationships between strategic objectives.
Due to continually missed service level agreements (SLAs), an enterprise plans to terminate its contract with a vendor providing IT help desk services. The enterprise’s IT department will assume the help desk-related responsibilities.
Which of the following would BEST facilitate this transition?
- A . Requiring the enterprise architecture (EA) be updated
- B . Validating that the balanced scorecard is still meaningful
- C . Ensuring IT will operate at a lower cost than the vendor
- D . Ensuring a change management plan is in place
A manufacturing company has recently decided to outsource portions of its IT operations.
Which of the following would BEST justify this decision?
- A . Core legacy systems are not fully integrated with enterprise IT systems.
- B . Business users are not able to decide upon IT service levels to be provided.
- C . Increasing complexity of core business and IT processes has led to dramatically increasing costs.
- D . The business strategy requires significant IT resource scalability over the next five years.
A CIO believes that a recent mission-critical IT decision by the board of directors is not in the best financial interest of all stakeholders.
Which of the following is the MOST ethical course of action?
- A . Share concerns with the legal department.
- B . Request a meeting with the board.
- C . Engage an independent cost-benefit analysis.
- D . Request an internal audit review of the board’s decision.
A retail enterprise has cost reduction as its top priority. From a governance perspective, which of the following should be the MOST important consideration when evaluating different IT investment options?
- A . Support for increased sales
- B . Risk associated with each option
- C . Industry best practices
- D . Business value impact
Which of the following is the MOST important consideration for data classification to be successfully implemented?
- A . Users should be provided with clear instructions that are easy to follow and understand.
- B . The data classification tools integrate with other tools that help manage the data.
- C . The classification scheme should be closely aligned with the IT strategic plan.
- D . Senior management should be properly trained in monitoring compliance.
Which of the following BEST reflects the ethical values adopted by an IT organization?
- A . IT principles and policies
- B . IT balanced scorecard
- C . IT governance framework
- D . IT goals and objectives
Which of the following would provide the BEST input for prioritizing strategic IT improvement initiatives?
- A . Business dependency assessment
- B . Business process analysis
- C . Business case evaluation
- D . Business impact analysis (BIA)
What is the PRIMARY objective for performing an IT due diligence review prior to the acquisition of a competitor?
- A . Document the competitor’s governance structure.
- B . Ensure that the competitor understands significant IT risks.
- C . Assess the status of the risk profile of the competitor.
- D . Determine whether the competitor is using industry-accepted practices.
The IT program manager does not see the value of conducting risk assessments for a new major IT project. The manager is reluctant to cooperate with internal auditors and the newly formed steering committee. Midway through the project, program requirements were changed because the CEO is a friend of a vendor and wants to implement this vendor’s new technology. This decision will cause the current IT program budget to be insufficient and will be shown as overspending.
After the requirement change request, the IT program manager should FIRST:
- A . obtain confirmation from the business and a decision by the steering committee.
- B . request additional funding from the business owner to cover the additional scope.
- C . report the matter to internal audit as a program deviation to be reviewed.
- D . align IT with the business and agree to the business request.
An enterprise is planning a change in business direction. As a result, IT risk will significantly increase.
Which of the following should be the CIO's FIRST course of action?
- A . Recommend delaying the business change.
- B . Implement IT changes to align with the plan.
- C . Report the risk to executive management.
- D . Plan for the corresponding IT reorganization.
Which of the following is MOST important to effectively initiate IT-enabled change?
- A . Establish a change management process.
- B . Obtain top management support and ownership.
- C . Ensure compliance with corporate policy.
- D . Benchmark against best practices.
Which of the following would BEST help to improve an enterprise’s ability to manage large IT investment projects?
- A . Creating a change management board
- B . Reviewing and evaluating existing business cases
- C . Implementing a review and approval process for each phase
- D . Publishing the IT approval process online for wider scrutiny
A business case indicates an enterprise would reduce costs by implementing a bring your own device (BYOD) program allowing employees to use personal devices for email.
Which of the following should be the FIRST governance action?
- A . Assess the enterprise architecture (EA).
- B . Update the network infrastructure.
- C . Update the BYOD policy.
- D . Assess the BYOD risk.
The CIO of a financial services company is tasked with ensuring IT processes are in compliance with recently instituted regulatory changes.
The FIRST course of action should be to:
- A . align IT project portfolio with regulatory requirements.
- B . create an IT balanced scorecard.
- C . identify the penalties for noncompliance.
- D . perform a current state assessment.
The CIO of an enterprise learns the payroll server of a competitor has been the victim of ransomware.
To help plan for the possibility of ransomed corporate data, what should be the CIO's FIRST course of action?
- A . Require development of key risk indicators (KRIs).
- B . Develop a policy to address ransomware.
- C . Request a targeted risk assessment.
- D . Back up corporate data to a secure location.
Which of the following aspects of the transition from X-rays to digital images would be BEST addressed by implementing information security policy and procedures?
- A . Establishing data retention procedures
- B . Training technicians on acceptable use policy
- C . Minimizing the impact of hospital operation disruptions on patient care
- D . Protecting personal health information
Prior to decommissioning an IT system, it is MOST important to:
- A . assess compliance with environmental regulations.
- B . assess compliance with the retention policy.
- C . review the media disposal records.
- D . review the data sanitization records.
A CEO determines the enterprise is lagging behind its competitors in consumer mobile offerings, and mandates an aggressive rollout of several new mobile services within the next 12 months.
To ensure the IT organization is capable of supporting this business objective, what should the CIO do FIRST?
- A . Request an assessment of current in-house mobile technology skills.
- B . Create a sense of urgency with the IT team that mobile knowledge is mandatory.
- C . Procure contractors with experience in mobile application development.
- D . Task direct reports with creating training plans for their teams.
Which of the following is the MOST effective way for a CIO to govern business unit deployment of shadow IT applications in a cloud environment?
- A . Implement controls to block the installation of unapproved applications.
- B . Educate the executive team about the risk associated with shadow IT applications.
- C . Provide training to the help desk to identify shadow IT applications.
- D . Review and update the application implementation process.
Before an IT strategy committee can approve an IT risk assessment framework, which of the following is MOST important to have established?
- A . An enterprise risk mitigation strategy
- B . Leading and lagging risk indicators
- C . IT performance metrics and standards
- D . Enterprise definitions for risk impact and probability