Which of the following should be done FIRST when defining responsibilities for ownership of information and systems?
- A . Require an information risk assessment.
- B . Identify systems that are outsourced.
- C . Ensure information is classified.
- D . Require an inventory of information assets.
Which of the following should be established FIRST so that data owners can consistently assess the level of data protection needed across the enterprise?
- A . Data encryption program
- B . Data risk management program
- C . Data retention policy
- D . Data classification policy
Which of the following is the MOST effective way for a CIO to govern business unit deployment of shadow IT applications in a cloud environment?
- A . Implement controls to block the installation of unapproved applications.
- B . Educate the executive team about the risk associated with shadow IT applications.
- C . Provide training to the help desk to identify shadow IT applications.
- D . Review and update the application implementation process.
In an enterprise that has worldwide business units and a centralized financial control model, which of the following is a barrier to strategic alignment of business and IT?
- A . Each business unit has its own steering committee for IT investment and prioritization.
- B . Uniform portfolio management is in place throughout the business units.
- C . IT is the exclusive provider of IT services to the business units.
- D . The enterprise’s CIO is a member of the executive committee.
A company is considering selling products online, and the CIO has been asked to advise the board of directors of potential problems with this strategy .
Which of the following is the ClO’s BEST course of action?
- A . Review the security framework.
- B . Conduct a return on investment (ROI) analysis.
- C . Review the enterprise architecture (EA).
- D . Perform a risk assessment.
Which of the following should be done FIRST when concerns have been identified regarding the financial viability of a potential software supplier?
- A . Implement an escrow agreement
- B . Perform a risk assessment
- C . Include a right-to-audit clause in the contract
- D . License the intellectual property
The board and senior management of a new enterprise recently met to formalize an IT governance framework.
The board of directors’ FIRST step in implementing IT governance is to ensure that:
- A . an IT balanced scorecard is implemented.
- B . a portfolio of IT-enabled investments is developed.
- C . IT roles and responsibilities are established.
- D . IT policies and procedures are defined.
A large enterprise that is diversifying its business will be transitioning to a new software platform, which is expected to cause data changes .
Which of the following should be done FIRST when developing the related metadata management process?
- A . Require an update to enterprise data policies.
- B . Request an impact analysis.
- C . Review documented data interdependence.
- D . Validate against existing architecture.
The PRIMARY reason for an enterprise to adopt an IT governance framework is to:
- A . assure IT sustains and extends the enterprise strategies and objectives.
- B . expedite IT investments among other competing business investments.
- C . establish IT initiatives focused on the business strategy.
- D . allow IT to optimize confidentiality, integrity, and availability of information assets.
Which of the following would be MOST useful for prioritizing IT improvement initiatives to achieve desired business outcomes?
- A . Budget variance analysis
- B . Enterprise architecture (EA)
- C . IT skills matrix
- D . Portfolio management
An enterprise has finalized a major acquisition and a new business strategy in line with stakeholder needs has been introduced. To help ensure continuous alignment of IT with the new business strategy the CiO should FIRST
- A . review the existing IT strategy against the new business strategy
- B . revise the existing IT strategy to align with the new business strategy
- C . establish a new IT strategy committee for the new enterprise
- D . assess the IT cultural aspects of the acquired entity
An enterprise has lost an unencrypted backup tape of archived customer data. A data breach report is not mandatory in the relevant jurisdiction.
From an ethical standpoint, what should the enterprise do NEXT?
- A . Initiate disciplinary proceedings against relevant employees.
- B . Mandate a review of backup tape inventory procedures.
- C . Communicate the breach to customers.
- D . Require an evaluation of storage facility vendors.
The CIO of a large enterprise has taken the necessary steps to align IT objectives with business objectives .
What is the BEST way for the CIO to ensure these objectives are delivered effectively by IT staff?
- A . Map the IT objectives to an industry-accepted framework.
- B . Enhance Ihe budget for training based on the IT objectives.
- C . Include the IT objectives in staff performance plans.
- D . Include CIO sign-off of the objectives as part of the IT strategic plan.
An enterprise has decided to utilize a cloud vendor for the first time to provide email as a service, eliminating in-house email capabilities .
Which of the following IT strategic actions should be triggered by this decision?
- A . Develop a data protection awareness education training program.
- B . Monitor outgoing email traffic for malware.
- C . Implement a data classification and storage management tool.
- D . Update and communicate data storage and transmission policies.
Which of the following is the MOST effective means for IT management to report to executive management regarding the value of IT?
- A . IT process maturity level
- B . Cost-benefit analysis
- C . Resource assessment
- D . Balanced scorecard
Following a re-prioritization of business objectives by management, which of the following should be performed FIRST to allocate resources to IT processes?
- A . Perform a maturity assessment.
- B . Implement a RACI model.
- C . Refine the human resource management plan.
- D . Update the IT strategy.
Which of the following should be the MOST important consideration when defining an information architecture?
- A . Frequency and quantity of information updates
- B . Information to justify business cases
- C . Incorporation of emerging technologies
- D . Access to and exchange of information
An enterprise is planning to replace multiple enterprise resource planning (ERP) systems at various regions with one company-wide ERP system. The main objective of this change is to achieve economies of scale efficiencies resulting in cost reductions.
To meet this objective, what is the BEST approach in the planning phase of the project?
- A . Implement an ERP system on shared resources with the lowest cost.
- B . Minimize customization by standardizing ERP processes across regions.
- C . Adopt a best in breed web-based architecture for the ERP system.
- D . Use a service provider to evaluate and implement the new ERP processes.
Which of the following provides the BEST evidence of effective IT governance?
- A . Cost savings and human resource optimization
- B . Business value and customer satisfaction
- C . IT risk identification and mitigation
- D . Comprehensive IT policies and procedures
Which of the following is MOST critical to support IT governance cultural changes within an organization?
- A . Established IT monitoring and measuring
- B . Regularly scheduled governance training
- C . Demonstrated management commitment
- D . IT governance process manuals
Which of the following is the BEST method for making a strategic decision to invest in cloud services?
- A . Prepare a business case.
- B . Prepare a request for information (RFI),
- C . Benchmarking.
- D . Define a balanced scorecard.
Which of the following is the BEST approach when reviewing The security status of a new business acquisition?
- A . Embed IT risk management strategies in service level agreements (SLAs).
- B . Establish a committee to oversee the alignment of IT security in new businesses.
- C . Incorporate IT security objectives to cover additional risks associated with new businesses.
- D . Integrate IT risk assessment into the overall due diligence process.
An enterprise is planning to outsource data processing for personally identifiable information (Pll). When is the MOST appropriate time to define the requirements for security and privacy of information?
- A . When issuing requests for proposals (RFPs)
- B . After an assessment of the current information architecture .
- C . When developing service level agreements (SLAs)
- D . During the initial vendor selection process
An enterprise considers implementing a system that uses a technology that is not in line with its IT strategy. The business case indicates significant benefit to the enterprise .
Which of the following is the BEST way to manage this situation within an IT governance framework?
- A . Update the IT strategy to align with the new technology.
- B . Initiate an operational change request.
- C . Reject based on non-alignment.
- D . Address as part of an architecture exception process.
An enterprise has been focused on establishing an IT risk management framework .
Which of the following should be the PRIMARY motivation behind this objective?
- A . Promoting responsibility throughout the enterprise for managing IT risk.
- B . Increasing the enterprise’s risk tolerance level and risk appetite.
- C . Engaging executives in examining IT risk when developing policies.
- D . Maintaining a complete and accurate risk registry to belief manage IT risk
An enterprise-wide strategic plan has been approved by the board of directors .
Which of the following would BEST support the planning of IT investments required for the enterprise?
- A . Service-oriented architecture
- B . Enterprise architecture (EA)
- C . Contingency planning
- D . Enterprise balanced scorecard
A CIO just received a final audit report that indicates there is inconsistent enforcement of the enterprise’s mobile device acceptable use policy throughout all business units .
Which of the following should be the FIRST step to address this issue?
- A . Incorporate compliance metrics into performance goals.
- B . Review the relevance of existing policy.
- C . Mandate awareness training for all mobile device users.
- D . Implement controls to enforce the policy.
Which of the following is the MOST comprehensive method to report on overall IT performance to the board of directors?
- A . Balanced scorecard
- B . Net present value (NPV)
- C . Performance-based payments
- D . Return on investment (ROI)
When implementing an IT governance framework, which of the following would BEST ensure acceptance of the framework?
- A . Factoring in the effects of enterprise culture
- B . Using subject matter experts
- C . Using industry-accepted practices
- D . Complying with regulatory requirements
An IT audit report indicates that a lack of IT employee risk awareness is creating serious security issues in application design and configuration .
Which of the following would be the BEST key risk indicator (KRI) to show progress in IT employee behavior?
- A . Number of IT employees attending security training sessions
- B . Results of application security testing
- C . Number of reported security incidents
- D . Results of application security awareness training quizzes
Which of the following should be the PRIMARY basis for establishing categories within an information classification scheme?
- A . Information architecture
- B . Industry standards
- C . Information security policy
- D . Business impact
Which of the following is the BEST way for an organization to minimize the difference between expected and delivered services when acquiring resources?
- A . Negotiate service level agreements (SLAs)
- B . Measure service delivery using industry benchmarks
- C . Require quarterly benefits realization reporting
- D . Include a right-to-audit clause in the contract.
A major data leakage incident at an enterprise has resulted in a mandate to strengthen and enforce current data governance practices .
Which of the following should be done FIRST to achieve this objective?
- A . Assess data security controls.
- B . Review data logs.
- C . Analyze data quality.
- D . Verify data owners.
A business is considering a policy to anonymize personal data in enterprise systems.
Before making a decision, which of the following is MOST important for the IT steering committee to consider?
- A . Business impact analysis (BIA) results
- B . Regulatory requirements
- C . Sustainability costs to the enterprise
- D . Potential implementation barriers
The PRIMARY objective of IT resource planning within an enterprise should be to:
- A . determine risk associated with IT resources.
- B . maximize value received from IT.
- C . determine IT outsourcing options.
- D . finalize service level agreements (SLAs) for IT
An IT steering committee is presented with an audit finding that new software applications are delivered on time but consistently have unacceptable levels of defects .
Which of the following would be the BEST direction from the committee?
- A . Implement performance indicators.
- B . Evaluate the change management process.
- C . Establish code peer reviews.
- D . Evaluate the quality assurance process.
To benefit from economies of scale, a CIO is deciding whether to outsource some IT services .
Which of the following would be the MOST important consideration during the decision-making process?
- A . IT staff morale
- B . Core IT processes
- C . Outsourcer’s reputation
- D . New service level agreements (SLAs)
Following a strategic planning session, new IT objectives were announced .
Which of the following is the MOST effective way for the CIO to ensure these objectives are cascaded to IT personnel?
- A . Communicate the new IT objectives during a staff meeting.
- B . Define individual performance measures related to the IT objectives.
- C . Establish IT management’s performance measures based on the IT objectives.
- D . Update the IT balanced scorecard to align with the new IT objectives.
Which of the following is an ADVANTAGE of using strategy mapping?
- A . It provides effective indicators of productivity and growth.
- B . It depicts the maturity levels of processes that support organizational strategy.
- C . It identifies barriers to strategic alignment and links them to specific outcomes.
- D . It depicts the cause-and-effect linked relationships between strategic objectives.
An enterprise has identified potential environmental disasters that could occur in the area where its data center is located .
Which of the following should be done NEXT?
- A . Implement an early warning detection and notification system.
- B . Assess the likelihood and impact on the data center.
- C . Relocate the data center to minimize the threat.
- D . Assess how the data center is protected against the threat.
Which of the following BEST reflects the ethical values adopted by an IT organization?
- A . IT principles and policies
- B . IT balanced scorecard
- C . IT governance framework
- D . IT goals and objectives
An IT steering committee is preparing to review proposals for projects that implement emerging technologies.
In anticipation of the review, the committee should FIRST:
- A . determine if the IT staff can support the emerging technologies.
- B . understand how the emerging technologies will influence risk across the enterprise.
- C . require a capacity plan and framework review for the emerging technologies,
- D . require a review of the enterprise risk management framework.
An enterprise is conducting a SWOT analysis as part of IT strategy development .
Which of the following would be MOST helpful to identify opportunities and threats?
- A . Risk appetite
- B . Internal framework assessment
- C . Competitor analysis
- D . Critical success factors (CSF)
An enterprise embarked on an aggressive strategy requiring the implementation of several large IT projects impacting multiple business processes across all departments. Initially employees were supportive of the strategy, but there is growing fatigue and frustration with the ongoing new capabilities which must be learned .
Which of the following would be the BEST action performed by senior management?
- A . Incorporate an organizational change management program.
- B . Establish "Reward and Recognition" efforts to boost employee morale.
- C . Improve the system development life cycle (SDLC) process.
- D . Assess current business and IT competencies.
An enterprise has had the same IT governance framework in place for several years. Currently, large and small capital projects go through the same architectural governance reviews. Despite repeated requests to streamline the review process for small capital projects, business units have received no response from IT. The business units have recently escalated this issue to the newly appointed GO .
Which of the following should be done FIRST to begin addressing business needs?
- A . Create a central repository for the business to submit requests.
- B . Explain the importance of the IT governance framework.
- C . Assess the impact of the proposed change.
- D . Assign a project team to implement necessary changes.
Which of the following would be MOST helpful to an enterprise that wants to standardize how sensitive corporate data is handled?
- A . Information classification framework
- B . Enterprise risk policy
- C . Enterprise risk management (ERM) framework
- D . Information security policy
Which of the following is the GREATEST benefit of using a quantitative nsk assessment method?
- A . It uses resources more efficiently
- B . It can be used to assess risks against non-tangible assets
- C . It reduces subjectivity
- D . It helps in prioritizing risk response action plans
To ensure that information can be traced to the originating event and accountable parties, an enterprise should FIRST:
- A . capture source information and supporting evidence.
- B . improve business process controls.
- C . review information event logs tor potential incidents.
- D . review retention requirements for source information.
Which of the following should be the FIRST consideration for an enterprise faced with a pandemic situation resulting in a mandatory remote work environment?
- A . Reviewing and testing disaster recovery plans (DRPs)
- B . Ensuring staff has the necessary technology to be productive
- C . Ensuring remote work policies are updated and communicated
- D . Revising IT performance monitoring metrics
To reduce the risk of reputational damage through inappropriate use of social media by employees outside of the workplace, the enterprise approach regarding social media should PRIMARILY focus on;
- A . implementing preventative controls.
- B . developing policies on social media.
- C . implementing a review of processes utilizing social media.
- D . ensuring each use of social media is approved by management.
Which of the following has PRIMARY responsibility to define the requirements for IT service levels for the enterprise?
- A . The business manager
- B . The help desk
- C . The CIO
- D . The business continuity vendor
Risk management strategies are PRIMARILY adopted to:
- A . avoid risks for business and IT assets.
- B . take necessary precautions for claims and losses.
- C . achieve acceptable residual risk levels.
- D . achieve compliance with legal requirements.
While assessing the feasibility of introducing new IT practices and standards into the IT governance framework, it is CRITICAL to understand an organization’s:
- A . culture.
- B . level of outsourcing.
- C . enterprise architecture (EA).
- D . maturity of IT processes.
Which of the following BEST facilitates the standardization of IT vendor selection?
- A . Cost-benefit analysis
- B . Contract management office
- C . Service level agreements (SLAs)
- D . Procurement framework
A recent benchmarking analysis has indicated an IT organization is retaining more data and spending significantly more on data retention than its competitors .
Which of the following would BEST ensure the optimization of retention costs?
- A . Requiring that all business cases contain data deletion and retention plans
- B . Revalidating the organization’s risk tolerance and re-aligning the retention policy
- C . Moving all high-risk and medium-risk data backups to cloud storage
- D . Redefining the retention policy to align with industry best practices
Which of the following BEST indicates the success of an enterprise’s IT governance framework after implementation?
- A . A high percentage of business owners involved with the approval of the IT strategic plan
- B . A high percentage of IT systems complying with corporate information security standards
- C . A high percentage of IT projects delivered on time and on budget
- D . A high percentage of IT investments delivering expected benefits
Which of the following is MOST important for an enterprise to review when classifying information assets?
- A . Procedures for information handling
- B . Requirements for information retention.
- C . Media used for storage and backup
- D . Impact of information exposure
Which of the following roles is accountable for the confidentiality integrity and availability of information within an enterprise?
- A . Risk manager
- B . Data owner
- C . Lead legal counsel
- D . Data custodian
An enterprise experiencing issues with data protection and least privilege is implementing enterprise-wide data encryption in response .
Which of the following is the BEST approach to ensure all business units work toward remediating these issues?
- A . Develop key performance indicators (KPIs) to measure enterprise adoption.
- B . Integrate data encryption requirements into existing and planned projects.
- C . Assign owners for data governance initiatives.
- D . Mandate the creation of a data governance framework.
Results of an enterprise’s customer survey indicate customers prefer using mobile applications. However, this same survey shows the enterprise’s mobile applications are considered inferior compared to legacy browser-based applications .
Which of the following should be the FIRST step in creating an effective long-term mobile application strategy?
- A . Establish service level agreements (SLAs) with the development team.
- B . Identify key risks and mitigation strategies for mobile applications.
- C . Implement key performance indicators (KPIs) that include application quality.
- D . Identify business requirements concerning mobile applications.
Which of the following provides the STRONGEST indication that IT governance is well established within an organizational culture?
- A . IT performance metrics are defined in the balanced scorecard.
- B . Benefits of IT governance are realized throughout the organization.
- C . There is awareness of IT metrics throughout the organization.
- D . IT governance defines how IT projects should be assessed.
A global enterprise is experiencing an economic downturn and is rapidly losing market share. IT senior management is reassessing the core activities of the business, including IT, and the associated resource implications. Management has decided to focus on its local market and to close international operations.
A critical issue from a resource management perspective is to retain the most capable staff. This is BEST achieved by:
- A . reviewing current goals-based performance appraisals across the enterprise.
- B . ranking employees across the enterprise based on their compensation.
- C . ranking employees across the enterprise based on length of service.
- D . retaining capable staff exclusively from the local market.
A new and expanding enterprise has recently received a report indicating 90% of its data has been collected in just the last six months, triggering data breach and privacy concerns .
What should be the IT steering committee’s FIRST course of action to ensure new data is managed effectively?
- A . Mitigate and track data-related issues and risks.
- B . Modify legal and regulatory data requirements.
- C . Define data protection and privacy practices.
- D . Assess the information governance framework.
Which of the following would be MOST important to update if a decision is made to ban end user-owned devices in the workplace?
- A . Employee nondisclosure agreement
- B . Enterprise risk appetite statement
- C . Enterprise acceptable use policy
- D . Orientation training materials
Which of the following is the MOST important reason to include internal audit as a stakeholder when establishing clear roles for the governance of IT?
- A . Internal audit has knowledge and technical expertise to advise on IT infrastructure.
- B . Internal audit is accountable for the overall enterprise governance of IT.
- C . Internal audit implements controls over IT risks and security.
- D . Internal audit provides input on relevant issues and control processes.
To generate value for the enterprise, it is MOST important that IT investments are:
- A . aligned with the IT strategic objectives.
- B . approved by the CFO.
- C . consistent with the enterprise’s business objectives.
- D . included in the balanced scorecard.
When considering an IT change that would enable a potential new line of business, the FIRST strategic step for IT governance would be to ensure agreement among the stakeholders regarding:
- A . objectives to achieve goals.
- B . metrics to measure effectiveness
- C . a vision for the future state,
- D . a change response plan
An enterprise has identified a number of plausible risk scenarios that could result in economic loss associated with major IT investments .
Which of the following is the BEST method to assess the risk?
- A . Cost-benefit analysis
- B . Qualitative analysis
- C . Business impact analysis (BIA)
- D . Quantitative analysis
An enterprise wants to reduce the complexity of its data assets while ensuring impact to the business is minimized during the transition .
Which of the following should be done FIRST?
- A . Remove applications that are not aligned with the information architecture.
- B . Review the information classification and retention policies
- C . Review the information architecture.
- D . Assess current information ownership.
An IT department outsourced application support and negotiated service level agreements (SLAs) directly with the vendor Although the vendor met the SLAs business owner expectations are not met and senior management cancels the contract.
This situation can be avoided in the future by:
- A . improving the business requirements gathering process
- B . improving the negotiation process for service level agreements (SLAs)
- C . implementing a vendor performance scorecard
- D . assigning responsibility for vendor management
Which of the following is MOST critical for the successful implementation of an IT process?
- A . Process framework
- B . Service delivery process model
- C . Objectives and metrics
- D . IT process assessment
A CEO determines the enterprise is lagging behind its competitors in consumer mobile offerings, and mandates an aggressive rollout of several new mobile services within the next 12 months.
To ensure the IT organization is capable of supporting this business objective, what should the CIO do FIRST?
- A . Request an assessment of current in-house mobile technology skills.
- B . Create a sense of urgency with the IT team that mobile knowledge is mandatory.
- C . Procure contractors with experience in mobile application development.
- D . Task direct reports with creating training plans for their teams.
The CIO of an enterprise learns the payroll server of a competitor has been the victim of ransomware.
To help plan for the possibility of ransomed corporate data, what should be the ClO’s FIRST course of action?
- A . Require development of key risk indicators (KRls).
- B . Develop a policy to address ransomware.
- C . Request a targeted risk assessment.
- D . Back up corporate data to a secure location.
Communicating which of the following to staff BEST demonstrates senior management’s commitment to IT governance?
- A . Legal and regulatory requirements
- B . Approved IT investment opportunities
- C . Objectives and responsibilities
- D . Need for enterprise architecture (EA)
When developing a business case for an enterprise resource planning (ERP) implementation, which of the following, if overlooked, causes the GREATEST impact to the enterprise?
- A . Vendor selection
- B . Salvage value of legacy hardware
- C . Interdependent systems
- D . IT best practices
An enterprise is concerned with the potential for data leakage as a result of increased use of social media in the workplace, and wishes to establish a social media strategy .
Which of the following should be the MOST important consideration in developing this strategy?
- A . Criticality of the information
- B . Ensuring that the enterprise architecture (EA) is updated
- C . Data ownership
- D . The balance between business benefits and risk
An enterprise’s decision to move to a virtualized architecture will have the GREATEST impact on:
- A . system life cycle management.
- B . asset classification.
- C . vendor management
- D . vulnerability management.
A board of directors wants to ensure the enterprise is responsive to changes in its environment that would directly impact critical business processes .
Which of the following will BEST facilitate meeting this objective?
- A . Scheduling frequent threat analyses
- B . Monitoring key risk indicators (KRIs)
- C . Regularly reviewing the enterprise risk appetite
- D . Implementing a competitive intelligence tool
Which of the following should be the FIRST step in planning an IT governance implementation?
- A . Assign decision-making responsibilities.
- B . Obtain necessary business funding.
- C . Define key business performance indicators.
- D . Identify business drivers.
An enterprise is trying to increase the maturity of its IT process from being ad hoc to being repeatable .
Which of the following is the PRIMARY benefit of this change?
- A . Process optimization is embedded across the organization.
- B . Required outcomes are mapped to business objectives.
- C . Process performance is measured in business terms.
- D . Required outcomes are more frequently achieved.
An enterprise has learned of a new regulation that may impact delivery of one of its core technology services.
Which of the following should the done FIRST?
- A . Update the risk management framework
- B . Determine whether the board wants to comply with the regulation
- C . Assess the risk associated with the new regulation
- D . Request an action plan from the risk team
An IT steering committee wants to select a disaster recovery site based on available nsk data.
Which of the following would BE ST enable the mapping of cost to risk?
- A . Key risk indicators (KRIs)
- B . Scenario-based assessment
- C . Business impact analysis (BIA)
- D . Qualitative forecasting
The CIO in a large enterprise is seeking assurance that significant IT risk is being proactively monitored and does not exceed agreed risk tolerance levels.
The BEST way to provide this ongoing assurance is to require the development of:
- A . an IT risk appetite statement.
- B . a risk management policy.
- C . key risk indicators (KRIs).
- D . a risk register.
The FIRST step in aligning resource management to the enterprise’s IT strategic plan would be to
- A . develop a responsible, accountable, consulted and informed (RACI) chart
- B . assign appropriate roles and responsibilities
- C . perform a gap analysis
- D . identify outsourcing opportunities
Which of the following is the MOST important attribute of an information steward?
- A . The information steward manages the systems that process the relevant data.
- B . The information steward has expertise in managing data quality systems.
- C . The information steward is closely aligned with the business function.
- D . The information steward is part of the information architecture group.
An enterprise plans to expand into new markets in countries lacking data privacy regulations, increasing risk exposure .
Which of the following is the BEST course of action for the CIO?
- A . Identify business risk appetite and tolerance levels.
- B . Quantify the risk impact and evaluate possible countermeasures.
- C . Limit the personal data available to the high-risk countries.
- D . Mandate the strengthening of user access controls.
The use of an IT balanced scorecard enables the realization of business value of IT through:
- A . business value and control mechanisms.
- B . outcome measures and performance drivers.
- C . financial measures and investment management.
- D . vision and alignment with corporate programs.
An enterprise has decided to create its first mobile application. The IT director is concerned about the potential impact of this initiative .
Which of the following is the MOST important input for managing the risk associated with this initiative?
- A . Enterprise architecture (EA)
- B . IT risk scorecard
- C . Enterprise risk appetite
- D . Business requirements
The MAIN responsibility of the board of directors regarding the management of enterprise risk is to:
- A . ensure a risk process exists which addresses the risk appetite.
- B . sustain investment in staff training regarding IT risk.
- C . promote a benefits-driven culture throughout the enterprise.
- D . maintain awareness of IT risk to the business.
Which of the following would be the BEST way to facilitate the adoption of strong IT governance practices throughout a multi-divisional enterprise?
- A . Ensuring each divisional policy is consistent with corporate policy
- B . Ensuring divisional governance fosters continuous improvement processes
- C . Mandating data standardization across the distributed enterprise
- D . Documenting and communicating key management practices across divisions
The BEST way for a CIO to monitor the alignment between the business and IT strategy is to regularly review
- A . key risk indicators (KRIs)
- B . IT services supporting business processes
- C . the balanced scorecard
- D . the risk register
A chief technology officer (CTO) wants to ensure IT governance practices adequately address risk management specific to mobile applications.
To create the appropriate risk policies for IT, it is MOST important for the CTO to:
- A . understand the enterprise’s risk tolerance.
- B . create an IT risk scorecard.
- C . map the business goals to IT risk processes.
- D . identify the mobile technical requirements.
When developing an IT training plan, which of the following is the BEST way to ensure that resource skills requirements are identified?
- A . Extract training requirements from deficiencies reported in customer service satisfaction surveys.
- B . Ask managers to determine IT training requirements annually.
- C . Determine training needs based on the capabilities to support the IT strategy.
- D . Survey employees for IT skills requirements based upon technology trends.
The board of directors of a large organization has directed IT senior management to improve IT governance within the organization.
IT senior management’s MOST important course of action should be to:
- A . understand the driver that led to a desire to change.
- B . assess the current slate of IT governance within the organization.
- C . review IT strategy and direction.
- D . analyze IT service levels and performance.
To meet the growing demands of a newly established business unit, IT senior management has been tasked with changing the current IT organization model to service-oriented.
With significant growth expected of the IT organization, which of the following is the MOST important consideration when planning for long-term IT service delivery?
- A . The IT service delivery model is approved by the business.
- B . An IT risk management process is in place.
- C . IT is able to provide a comprehensive service catalog to the business.
- D . The IT organization is able to sustain business requirements.
The BEST way to manage continuous improvement of governance-related processes is to:
- A . assess existing process resource capacities.
- B . define accountability based on roles and responsibilities.
- C . apply effective quality management practices.
- D . require third-party independent reviews.
Which of the following provides the BEST evidence of an IT risk-aware culture across an enterprise?
- A . Business staff report identified IT risks.
- B . IT risks are communicated to the business.
- C . IT risk-related policies are published.
- D . The IT infrastructure is resilient.
An enterprise has established a new department to oversee the life cycle of activities that support data management objectives .
Which of the following should be done NEXT?
- A . Develop a business continuity plan (BCP).
- B . Assess the current data business model.
- C . Review data privacy requirements.
- D . Establish a RACI chart
The use of new technology in an enterprise will require specific expertise and updated system development processes. There is concern that IT is not properly sourced .
Which of the following should be the FIRST course of action?
- A . Perform a risk assessment on potential outsourcing.
- B . Update the enterprise architecture (EA) with the new technology.
- C . Review the IT balanced scorecard for sourcing opportunities.
- D . Assess the gap between current and required staff competencies.
A large bank has completed several acquisitions in the last few years that have resulted in redundant IT applications. To align with the strategic initiative of providing integrated services to customers, the IT steering committee has decided to share data and integrate applications .
Which of the following would be MOST important to review in this situation?
- A . Enterprise architecture (EA)
- B . IT risk register
- C . Balanced scorecard measures
- D . IT strategic plan