Isaca CGEIT Online Practice Questions and Exam Preparation
CGEIT Exam Details
Exam Code: CGEIT
Exam Name: Certified in the Governance of Enterprise IT
Certification: Isaca Certifications
Vendor: Isaca
Total Questions: 666 Q&As
Last Updated: May 30, 2026
Isaca CGEIT Online Questions & Answers
Question 211:
The board directed the CIO to ensure that required IT resources are available to execute a new enterprise strategy. Which of the following should be done FIRST to support this initiative?
A. Implement an IT capability strategy
B. Perform a gap analysis
C. Develop a capacity management plan
D. Develop a resource management plan

B. Perform a gap analysis
Performing a gap analysis is the first step in understanding whether existing IT capabilities and resources are sufficient to meet the demands of a new enterprise strategy. A gap analysis compares current capabilities with the strategic requirements, identifying shortfalls in skills, infrastructure, processes, and other resources. Only after identifying the gaps can appropriate planning (e.g., capacity management, capability strategy, resource management) be effectively initiated. CGEIT Review Manual, Domain 3 - IT Resources: "A gap analysis is a critical first step in strategic alignment, ensuring that resource planning is data-driven and goal-oriented." COBIT 2019 Focus Area: Enterprise Strategy Alignment and Design Factors.
Question 212:
An IT strategy committee wants to ensure stakeholders understand who owns each strategic objective. To enable this understanding, which of the following should be communicated to stakeholders?
A. A RACI chart
B. The strategic plan
C. Performance measure
D. Risk owners

A. A RACI chart
A RACI chart is a tool that assigns roles and responsibilities for each strategic objective, using the acronym RACI to denote who is Responsible, Accountable, Consulted, and Informed for each objective. A RACI chart can help stakeholders understand who owns each strategic objective, who is involved in its execution, and who needs to be updated on its progress and outcomes. A RACI chart can also help avoid confusion, duplication, or conflict among stakeholders, and ensure clear communication and accountability for each objective.
Question 213:
Which of the following would be MOST useful for prioritizing IT improvement initiatives to achieve desired business outcomes?
A. Budget variance analysis
B. Enterprise architecture (EA)
C. IT skills matrix
D. Portfolio management

D. Portfolio management
Portfolio management is the most useful technique for prioritizing IT improvement initiatives to achieve desired business outcomes. Portfolio management is the process of selecting, prioritizing, balancing, and monitoring the IT investments and initiatives that support the enterprise's strategic objectives and deliver value to the stakeholders. Portfolio management helps to align IT with business goals, optimize resource allocation, manage risks and dependencies, and measure performance and benefits. By applying portfolio management, an enterprise can ensure that the IT improvement initiatives are consistent with its vision, mission, values, and priorities, and that they contribute to the desired business outcomes.
References: CGEIT Review Manual (Digital Version) or CGEIT Review Manual (Print Version), Chapter 3: Benefits Realization, Section 3.1: IT Portfolio Management, Page 83-84. What is IT portfolio management? A framework for aligning technology and business.
Question 214:
An enterprise plans to expand into new markets in countries lacking data privacy regulations, increasing risk exposure. Which of the following is the BEST course of action for the CIO?
A. Identify business risk appetite and tolerance levels.
B. Quantify the risk impact and evaluate possible countermeasures.
C. Limit the personal data available to the high-risk countries.
D. Mandate the strengthening of user access controls.

A. Identify business risk appetite and tolerance levels.
The best course of action for the CIO in this scenario is to identify business risk appetite and tolerance levels. Risk appetite is the amount and type of risk that an organization is willing to pursue, retain, or take in order to achieve its strategic objectives. Risk tolerance is the acceptable level of variation from the risk appetite. By identifying the business risk appetite and tolerance levels, the CIO can align the IT strategy and operations with the business goals, needs, and expectations, and ensure that the IT risks are managed within the acceptable boundaries. Identifying the business risk appetite and tolerance levels can also help the CIO to communicate and justify the IT decisions and actions to the senior management, board, and stakeholders, and to balance the costs and benefits of IT investments and initiatives. According to CPG 235 Managing Data Risk, "The adequacy of data controls in ensuring that a regulated entity operates within its risk appetite would normally be assessed as part of introducing new business processes and then on a regular basis thereafter (or following material change to either the process, usage of data, internal controls or external environments)."
Question 215:
Which of the following is the GREATEST consideration when evaluating whether to comply with the new carbon footprint regulations impacted by blockchain technology?
A. The enterprise's organizational structure
B. The enterprise's risk appetite
C. The current IT process capability maturity
D. The IT strategic plan

B. The enterprise's risk appetite
The greatest consideration when evaluating whether to comply with new carbon footprint regulations impacted by blockchain technology is the enterprise's risk appetite. This involves understanding the level of risk the organization is willing to accept in relation to the potential environmental impact and regulatory compliance requirements associated with blockchain technology. The organization's risk appetite guides decision-making processes, influencing whether to invest in more sustainable practices or technologies, or to accept the risks associated with non-compliance. While the organizational structure, IT process capability maturity, and the IT strategic plan are relevant, the risk appetite is the key factor in determining the approach to compliance with environmental regulations.
Question 216:
Which of the following are PRIMARY factors in ensuring the success of an enterprise quality assurance program?
A. Enterprise risk appetite and tolerance
B. Risk management and control frameworks
C. Continuous improvement plans
D. A process maturity framework and documented procedures

D. A process maturity framework and documented procedures
A process maturity framework and documented procedures are primary factors in ensuring the success of an enterprise quality assurance program because they provide a clear and consistent way of measuring, monitoring, and improving the quality of the processes and products. A process maturity framework, such as the Capability Maturity Model Integration (CMMI), defines the levels of maturity and the best practices for each level. Documented procedures, such as standard operating procedures (SOPs), define the steps, roles, responsibilities, and tools for each process. These factors help to ensure that the quality assurance program is aligned with the business objectives, customer expectations, and industry standards.
Question 217:
A CIO of an enterprise is concerned that IT and the business have different priorities. Which of the following would BEST demonstrate the current state of strategic alignment?
A. IT maturity model
B. Business case
C. Balanced scorecard
D. IT investment status

C. Balanced scorecard
A balanced scorecard is a tool that would best demonstrate the current state of strategic alignment, because it is a framework that translates the enterprise's vision and strategy into a set of performance measures that cover four perspectives: financial, customer, internal business process, and learning and growth. A balanced scorecard can help to assess how well the IT function is supporting the business objectives, and identify the gaps and opportunities for improvement. A balanced scorecard can also help to communicate and monitor the IT strategy and goals, and align the IT activities and resources with the business needs and expectations.
Question 218:
An IT investment review board wants to ensure that IT will be able to support business initiatives. Each initiative is comprised of several interrelated IT projects. Which of the following would help ensure that the initiatives meet their goals?
A. Review of project management methodology
B. Review of the business case for each initiative
C. Establishment of portfolio management
D. Verification of initiatives against the architecture

C. Establishment of portfolio management
Portfolio management is the process of selecting, prioritizing, and managing a collection of projects, programs, and initiatives that align with the strategic goals and objectives of an organization. Portfolio management can help to ensure that the IT initiatives meet their goals, by providing a holistic and integrated view of the IT investments, resources, and outcomes. Portfolio management can also help to optimize the value and benefits of the IT initiatives, by balancing the risks, costs, and dependencies among them. Portfolio management can also help to monitor and control the performance and progress of the IT initiatives, by using metrics, indicators, and reports.
References: What is Portfolio Management? Definition and Examples. A Guide to IT Portfolio Management | Adobe Workfront. IT Portfolio Management: Importance, How-To Steps and Tips.
Question 219:
Before an IT strategy committee can approve an IT risk assessment framework, which of the following is MOST important to have established?
A. An enterprise risk mitigation strategy
B. Leading and lagging risk indicators
C. IT performance metrics and standards
D. Enterprise definitions for risk impact and probability

D. Enterprise definitions for risk impact and probability
Before an IT strategy committee can approve an IT risk assessment framework, the most important thing to have established is enterprise definitions for risk impact and probability. This is because a risk assessment framework is an approach for prioritizing and sharing information about the security risks posed to an information technology organization. To do this effectively, the organization needs to have a common understanding of how to measure and communicate the likelihood and consequences of different risks. Without consistent definitions for risk impact and probability, the risk assessment framework might not be aligned with the enterprise's risk appetite and tolerance, and might not provide meaningful or actionable results.
References: Risk Assessment Framework (RAF) - CIO Wiki, IT Risk Resources | ISACA, 5 IT risk assessment frameworks compared | CSO Online
Question 220:
An IT strategy committee wants to evaluate how well the IT department supports the business strategy. Which of the following is the BEST method for making this determination?
A. Capability maturity assessment
B. Customer survey analysis
C. IT balanced scorecard reporting
D. IT controls assurance program

C. IT balanced scorecard reporting
The BEST method for the IT strategy committee to evaluate how well the IT department supports the business strategy is to use IT balanced scorecard reporting. An IT balanced scorecard (BSC) is a strategic management tool that translates the IT vision and mission into measurable objectives, indicators, targets, and initiatives across four perspectives: financial, customer, internal process, and learning and growth. IT balanced scorecard reporting is a process of collecting, analyzing, and communicating the performance data and results of the IT department based on the IT BSC framework. IT balanced scorecard reporting can help to:
Align the IT objectives and activities with the business strategy and expectations
Monitor and evaluate the efficiency, effectiveness, and value of the IT department
Identify the strengths, weaknesses, opportunities, and threats of the IT department
Communicate and demonstrate the contribution and impact of the IT department to the business outcomes
Therefore, IT balanced scorecard reporting is the most suitable method for the IT strategy committee to assess how well the IT department supports the business strategy. The other options are not as good as option C. While it is useful to conduct a capability maturity assessment, a customer survey analysis, or an IT controls assurance program, these are not comprehensive enough to evaluate how well the IT department supports the business strategy. They are rather focused on specific aspects of the IT department, such as its processes, services, or controls. They do not necessarily cover all four perspectives of the IT BSC framework, which provide a holistic view of the IT performance and alignment with the business strategy.
References: The IT Balanced Scorecard (BSC) Explained - BMC Software; What Is a Balanced Scorecard (BSC), How Is it Used in Business?; How to Align Your Business Strategy with Your Technology Strategy ...; How to Measure Your Strategic Plan's Success - dummies; SWOT Analysis: What It Is and When to Use It - Business News Daily; How to Communicate Strategy Effectively - ClearPoint Strategy