Isaca CGEIT Online Practice Questions and Exam Preparation
CGEIT Exam Details
Exam Code: CGEIT
Exam Name: Certified in the Governance of Enterprise IT
Certification: Isaca Certifications
Vendor: Isaca
Total Questions: 666 Q&As
Last Updated: May 30, 2026
Isaca CGEIT Online Questions & Answers
Question 161:
Which of the following is the PRIMARY ongoing responsibility of the IT governance function related to risk?
A. Responding to and controlling all IT risk events
B. Communicating the enterprise risk management plan
C. Ensuring IT risk management is aligned with business risk appetite
D. Verifying that all business units have staff skilled at assessing risk
Correct Answer: C. Ensuring IT risk management is aligned with business risk appetite
Ensuring IT risk management is aligned with business risk appetite is the primary ongoing responsibility of the IT governance function related to risk, as it helps to ensure that the IT risks are consistent with the enterprise's objectives, strategy, and tolerance for risk. IT risk management alignment also facilitates the integration of IT risk management with enterprise risk management (ERM), and the communication and reporting of IT risk to the relevant stakeholders.
References: CGEIT Exam Content Outline, Domain 4, Subtopic B: IT Risk Management, Task 1: Ensure that an IT risk management framework exists to identify, analyze, mitigate, manage, monitor, and communicate IT-related business risk, and that the framework for IT risk management is in alignment with the enterprise risk management (ERM) framework.
Question 162:
Enterprise IT has overseen the implementation of an array of data services with overlapping functionality leading to business inefficiencies. Which of the following is the MOST likely cause of this situation?
A. Insufficient information architecture
B. Ineffective project management
C. An outdated service level agreement (SLA)
D. An incomplete cost-benefit analysis
Correct Answer: A. Insufficient information architecture
Information architecture (IA) is the process of guiding users through the site by organising and arranging all the relevant content in a clear, intuitive way. It also ensures consistency throughout a product's design by standardising labelling conventions such as menu names, link titles, and button labels across all pages. If enterprise IT has overseen the implementation of an array of data services with overlapping functionality, it may indicate that they have not followed a coherent and effective IA strategy. This can lead to business inefficiencies, such as duplication of efforts, confusion among users, and difficulty in finding and accessing information. According to one of the web search results, "Application rationalization is a simple first step to analyze the current architecture to determine redundant applications, overlapping functionality, and software that is not exactly current. As more companies move into a service-oriented architecture implementation, this analysis is a cost-effective way to ensure that the IT resources are utilized in the most efficient manner." Ineffective project management, an outdated service level agreement (SLA), and an incomplete cost-benefit analysis are not the most likely causes of this situation. They are more related to the planning, execution, and evaluation of individual projects, rather than the overall design and organisation of information systems.
References: What is information architecture? - UX Design Institute; Staying Current And Supporting Systems With Overlapping Functionality
Question 163:
The BEST time to identify metrics to measure the performance of an IT-enabled investment is during:
A. system implementation
B. project initiation
C. investment feasibility analysis
D. business case development.
Correct Answer: D. business case development.
The BEST time to identify metrics to measure the performance of an IT-enabled investment is during business case development. A business case is a document that provides the rationale and justification for initiating a project or investment. It includes information such as the objectives, scope, benefits, costs, risks, assumptions, and success criteria of the proposed project or investment. Identifying metrics to measure the performance of an IT-enabled investment during business case development can help to: define the expected outcomes and value of the investment; establish a baseline and targets for comparison and evaluation; align the investment with the strategic goals and objectives of the enterprise; communicate and demonstrate the benefits and impacts of the investment to stakeholders; and monitor and control the progress and performance of the investment throughout its lifecycle.
References: Business Case Development - Project Management Institute; How to Write a Business Case - ProjectManager.com; How to Measure the Value of an IT Investment - TechSoup; Maximizing IT Performance: 11 Metrics and KPIs to Monitor - Whatfix; Top 10 Essential IT Metrics and KPIs - Apptio; Metrics For Evaluating The Success Of Tech Projects And ... - Forbes; Portfolio Performance Metrics Investors Should Understand - Navexa
Question 164:
Of the following, who is PRIMARILY responsible for applying frameworks for the governance of IT to balance the need for security controls with business requirements?
A. Data scientists
B. Data stewards
C. Data analysts
D. Data processors
Correct Answer: B. Data stewards
Data stewards are primarily responsible for applying frameworks for the governance of IT to balance the need for security controls with business requirements, as they are the custodians of the data quality, integrity, and security within an organization. Data stewards define and implement data policies, standards, and procedures, as well as monitor and report on data compliance and performance. Data stewards also collaborate with other stakeholders, such as data owners, data users, and data scientists, to ensure that the data is aligned with the business objectives and meets the regulatory and ethical requirements. Data scientists, data analysts, and data processors are not primarily responsible for applying frameworks for the governance of IT, as they are more focused on the technical aspects of data collection, analysis, and processing. Data scientists use advanced methods and tools to extract insights and value from data. Data analysts use descriptive and inferential statistics to explore and interpret data. Data processors perform operations on data, such as entry, validation, transformation, storage, and retrieval.
References: What is a Data Steward? | Informatica; Data Governance Roles: The Ultimate Guide | Collibra; Data Governance Roles: Who Does What? | erwin; What is IT governance? A formal way to align IT and business strategy.
Question 165:
IT management has reported difficulty retaining qualified IT personnel to support the organization's new strategy. Given that outsourcing is not a viable approach, which of the following would be the BEST way for IT governance to address this situation?
A. Implement an incentive-based employee referral program
B. Direct the development of a strategic HR plan for IT
C. Recommend enhancements to the online recruiting platform specific to IT
D. Work with HR to enhance compensation packages for IT personnel
Correct Answer: B. Direct the development of a strategic HR plan for IT
A strategic HR plan is a document that drives the business forward by evaluating where the workforce is at and comparing it to future needs. It sets out the organizational goals and outlines how the HR team will help achieve them. A strategic HR plan for IT would help to identify and address the gaps, challenges, and opportunities in the IT talent management, such as recruitment, retention, development, engagement, and succession. A strategic HR plan for IT would also help to align the IT workforce with the IT strategy and objectives, and to ensure that the IT personnel have the skills, competencies, and motivation to support the organization's new strategy. A strategic HR plan for IT would also help to communicate and collaborate with the IT personnel and other stakeholders, and to foster a positive and supportive IT culture.
Question 166:
Which of the following is MOST critical to support IT governance cultural changes within an organization?
A. Established IT monitoring and measuring
B. Regularly scheduled governance training
C. Demonstrated management commitment
D. IT governance process manuals
Correct Answer: C. Demonstrated management commitment
The MOST critical factor to support IT governance cultural changes within an organization is demonstrated management commitment. IT governance is the process of ensuring that IT supports the achievement of the organization's goals and objectives, and delivers value to its stakeholders. IT governance involves aligning the IT strategy, policies, processes, and resources with the business strategy, needs, and expectations. However, implementing and sustaining IT governance requires a significant amount of change in the organization, such as introducing new technologies, standards, roles, and responsibilities. Therefore, demonstrated management commitment is essential for supporting IT governance cultural changes within an organization, as it can: provide the direction and mandate for the IT governance initiative on an ongoing basis; communicate the vision, mission, goals, and objectives of the IT function to all stakeholders; allocate the necessary resources and capabilities to enable the IT governance processes and activities; monitor and evaluate the performance and outcomes of the IT function and provide feedback and recognition; and foster a positive and collaborative culture that values IT as a strategic partner and enabler of the business.
The other options are not as critical as option C. While it is important to have established IT monitoring and measuring, regularly scheduled governance training, and IT governance process manuals, these are not sufficient to support IT governance cultural changes within an organization. They are rather means to achieve the end goal of implementing and sustaining IT governance. They do not necessarily reflect the level of commitment, involvement, and support from the management toward IT governance.
Question 167:
From a governance perspective, which of the following functions MUST approve the agreed-upon criteria for a new technology-enabled service before submitting the final high-level design to project stakeholders?
A. Information security
B. Project management office (PMO)
C. Quality assurance (QA)
D. Internal audit
Correct Answer: A. Information security
Information security must approve the criteria for technology-enabled services to ensure that all security-related considerations, including compliance, risk mitigation, and data protection, are addressed. This step aligns the service design with the enterprise's security policies and regulatory requirements before it progresses to stakeholders. Other functions such as QA and PMO contribute to execution and oversight, but the responsibility for security approvals rests with information security.
References: COBIT 2019, ISACA Security Guidance.
Question 168:
Which of the following is the BEST way to ensure the continued usefulness of IT governance reports for stakeholders?
A. Conduct quarterly audits and adjust reporting based on findings.
B. Establish a standard process for providing feedback.
C. Rely on IT leaders to advise when adjustments should be made.
D. Issue frequent service level satisfaction surveys.
Correct Answer: B. Establish a standard process for providing feedback.
The best way to ensure the continued usefulness of IT governance reports for stakeholders is to establish a standard process for providing feedback. This means that the organization should define and communicate the purpose, scope, format, frequency, and distribution of the IT governance reports, and solicit input from the stakeholders on how well the reports meet their information needs and expectations. The feedback process should also include mechanisms for collecting, analyzing, and acting on the feedback, as well as reporting back to the stakeholders on the changes made or planned. This will help to ensure that the IT governance reports are relevant, accurate, timely, and consistent, and that they support the decision-making and accountability of the stakeholders.
Question 169:
When preparing a new IT strategic plan for board approval, the MOST important consideration is to ensure the plan identifies:
A. roles and responsibilities that link to IT objectives.
B. specific resourcing requirements for identified IT projects.
C. frameworks that will be aligned to IT programs.
D. implications of the strategy on the procurement process.
Correct Answer: A. roles and responsibilities that link to IT objectives.
When preparing a new IT strategic plan for board approval, the MOST important consideration is to ensure the plan identifies roles and responsibilities that link to IT objectives. A well-defined IT strategic plan should clearly articulate the vision, mission, goals, and objectives of the IT function, as well as the strategies and actions to achieve them. However, without assigning roles and responsibilities to the relevant stakeholders, the plan may lack accountability, ownership, and alignment. Therefore, it is crucial to identify who is responsible for what, how they will collaborate and communicate, and how they will be measured and rewarded. This can help to ensure the successful execution and monitoring of the IT strategic plan, as well as the alignment with the business strategy and expectations. The other options are not as important as option A. While it is useful to have specific resourcing requirements, frameworks, and implications of the strategy on the procurement process, these are more operational and tactical aspects that can be determined later in the implementation phase. They are not essential for the board approval of the IT strategic plan, which should focus more on the strategic direction and value proposition of the IT function.
References: How to Write an Information Technology (IT) Business Proposal | Examples; The Role of Board Approval in the Strategic Planning Process - Veralon; How To Get The Board To Say Yes - Gartner; The Board's Role in Strategy | WATSON; Overseeing strategy: A framework for boards of directors - CPA Canada
Question 170:
A publicly traded enterprise wants to demonstrate that its board of directors is providing adequate strategic oversight of IT. Which of the following BEST supports this objective?
A. Annual IT governance communication to all staff.
B. Press releases targeted at large investors.
C. Inclusion of IT governance reporting in the annual report.
D. Annual presentation of IT performance metrics.
Correct Answer: C. Inclusion of IT governance reporting in the annual report.