Isaca CGEIT Online Practice Questions and Exam Preparation

Isaca CGEIT Online Questions & Answers

• Question 221:

  Which of the following should IT governance mandate before any transition of data from a legacy system to a new technology platform?

  A. Data conversion has documented approvals from business process data owners.
  B. Data conversion is performed in a test environment to confirm correctness
  C. Control totals of key transaction values are matched with data converted for migration.
  D. A crisis management plan has been approved by the IT steering committee
  A. Data conversion has documented approvals from business process data owners.

  ---

  Data conversion is the process of transforming data from one format or system to another. It is a critical activity in any data migration or integration project, as it affects the quality, accuracy, and usability of the data. Therefore, IT governance should mandate that data conversion has documented approvals from business process data owners, who are the stakeholders responsible for defining and maintaining the data requirements, standards, and quality for their respective business processes. This ensures that the data conversion meets the business needs and expectations, as well as complies with the relevant policies and regulations.

• Question 222:

  An organization requires updates to their IT infrastructure to meet business needs. Which of the following will provide the MOST useful information when planning for the necessary IT investments?

  A. Enterprise architecture (EA)
  B. Risk assessment report
  C. Business user satisfaction metrics
  D. Audit findings
  A. Enterprise architecture (EA)

  ---

  This is because enterprise architecture (EA) is a practice that helps organizations align their IT systems and processes with their business objectives. EA provides a holistic and integrated viewof the current and future state of the organization's IT infrastructure, as well as the gaps, issues, and opportunities for improvement. By using EA, the organization can: Identify and prioritize the IT investments that support the business strategy, goals, and needs Optimize the IT spending and maximize the IT value1 Ensure the IT quality, security, and compliance Avoid IT duplication, waste, and inefficiency Define IT roles and responsibilities and assign accountability1 EA can help the organization plan for the necessary IT investments in a systematic and structured way, and ensure that they are aligned with the business vision and value. The other options, risk assessment report, business user satisfaction metrics, and audit findings are not as useful as enterprise architecture (EA) for planning for the necessary IT investments. They are more related to the evaluation and monitoring of the IT performance, rather than the planning and alignment of the IT strategy. They may also provide limited or partial information about the IT infrastructure, rather than a comprehensive and integrated view. They may also depend on external factors or standards that may not be relevant or applicable to the organization's specific context and needs.

• Question 223:

  Which of the following BEST indicates that a change management process has been implemented successfully?

  A. Maturity levels
  B. Degree of control
  C. Process performance
  D. Outcome measures
  D. Outcome measures

  ---

  Outcome measures are tools used to assess the effect, both positive and negative, of an intervention or treatment. Outcome measures can indicate whether a change management process has been implemented successfully by comparing the actual results of the change with the expected or desired results. Outcome measures can also help evaluate the impact of the change on the organization's performance, quality, and value. The other options are not the best indicators of successful change management implementation. Maturity levels are a way of assessing the degree of development and sophistication of a process, but they do not necessarily reflect the outcomes or benefits of the process4. Degree of control is a measure of how well aprocess is managed and monitored, but it does not capture the effectiveness or efficiency of the process. Process performance is a measure of how well a process meets its objectives and requirements, but it does not account for the outcomes or consequences of the process. References: 3: https://www.physio-pedia.com/Outcome_Measures 2: https://www.isc.hbs.edu/Documents/pdf/2020-outcome-measurement-feeley.pdf 1: https://en.wikipedia.org/wiki/Outcome_measure 4: https://www.coursera.org/articles/change-management-process https://www.sciencedirect.com/topics/engineering/degree-of-control https://www.sciencedirect.com/topics/engineering/process-performance

• Question 224:

  Which of the following would be the BEST way for an IT steering committee to monitor the adoption of a new enterprise IT strategy?

  A. Establish key performance indicators (KPIs).
  B. Establish key risk indicators (KRIs).
  C. Schedule ongoing audit reviews.
  D. Implement service level agreements (SLAs)
  A. Establish key performance indicators (KPIs).

  ---

  The best way for an IT steering committee to monitor the adoption of a new enterprise IT strategy is to establish key performance indicators (KPIs), because they are metrics that measure the progress and achievement of the IT strategic objectives and goals, and provide feedback and guidance for improvement. KPIs can help the IT steering committee to track and evaluate the performance and outcomes of the IT function, and to ensure that the IT activities and resources are aligned with the business needs and expectations. KPIs can also help to communicate and report the IT value delivery and innovation to the board and other stakeholders. References: ISACA, CGEIT Review Manual, 7th Edition, 2019, page 43-44.

• Question 225:

  When establishing an enterprise data model, the BEST way to ensure the integrity of data is to:

  A. classify information using an agreed-upon schema.
  B. implement the highest level of protection to data across the enterprise.
  C. establish a privileged access management platform.
  D. implement a data loss prevention (DLP) program.
  A. classify information using an agreed-upon schema.

  ---

  Classifying information using an agreed-upon schema is the best way to ensure the integrity of data when establishing an enterprise data model. A schema is a logical structure that defines how data is organized, stored, and accessed. By using a common schema across the enterprise, data can be standardized, validated, and integrated more easily and consistently. A schema also helps to avoid data duplication, inconsistency, and ambiguity, which can compromise data integrity. References: What Is an Enterprise Data Model? [+ Examples] - HubSpot Blog

• Question 226:

  IT has launched new portfolio management policies and processes to improve the alignment of IT projects with enterprise goals. The latest audit report indicates that no improvement has been made due to confusion in the decision-making process. Which of the following is the BEST course of action for the CIO?

  A. Deliver prioritization and facilitation training.
  B. Implement a performance management framework.
  C. Create an IT portfolio management risk framework.
  D. Develop and communicate an accountability matrix.
  D. Develop and communicate an accountability matrix.

  ---

  The best course of action for the CIO is to develop and communicate an accountability matrix. An accountability matrix, also known as a responsibility assignment matrix, is a project management tool that defines the roles and responsibilities of different stakeholders in a project or process1 An accountability matrix can help to clarify who is responsible, accountable, consulted, and informed (RACI) for each task or deliverable, and avoid confusion and ambiguity in the decision-making process2 By developing and communicating an accountability matrix, the CIO can ensure that the IT portfolio management policies and processes are understood and followed by all the relevant parties, and that the IT projects are aligned with the enterprise goals. References: RACI Matrix: Responsibility Assignment Matrix Guide 20233, Responsibility assignment matrix - Wikipedia2, Accountability Matrix - Explained - The Business Professor, LLC1

• Question 227:

  Which of the following should be done FIRST when designing an IT balanced scorecard?

  A. Develop key performance indicators (KPIs).
  B. Communicate to stakeholders
  C. Analyze the business strategy.
  D. Review the IT resource plan.
  C. Analyze the business strategy.

  ---

  An IT balanced scorecard (BSC) is a tool that helps align IT goals and performance with the business strategy and vision. The first step in designing an IT BSC is to analyze the business strategy and understand its objectives, priorities, and challenges. This will help identify the key stakeholders, customers, and value propositions of the IT function, as well as the critical success factors and risks that affect IT performance. Analyzing the business strategy will also help define the scope and purpose of the IT BSC, and establish the linkages between the IT goals and the business goals. Analyzing the business strategy should be done before developing key performance indicators (KPIs), communicating to stakeholders, or reviewing the IT resource plan, as these steps depend on the clarity and alignment of the business strategy.

• Question 228:

  Of the following, who should approve the criteria for information quality within an enterprise?

  A. Information architect
  B. Information analyst
  C. Information steward
  D. Information owner
  D. Information owner

  ---

  Information owners are responsible for defining the quality criteria for information within their domain, based on business requirements and stakeholder expectations. Information owners are also accountable for ensuring that information quality is maintained and improved. References: COBIT 5: Enabling Information, chapter 4, section 4.2.1

• Question 229:

  A board of directors has mandated that key performance indicators (KPIs) be developed for all IT projects that are created in support of a business objective. Which of the following MUST be reflected in the KPIs to be effective?

  A. Future-state architecture
  B. Critical success factors (CSFs)
  C. Portfolio management principles
  D. Key risk indicators (KRIs)
  B. Critical success factors (CSFs)

  ---

  Critical success factors (CSFs)are the specific conditions or variables that are essential for achieving business objectives. Effective KPIs must align with these CSFs to ensure they measure what truly matters to project and business success. KRIs relate to risk, and while important, they serve a different purpose. Future-state architecture and portfolio principles guide strategy, butCSFs provide the foundational context for performance measurement. CGEIT Review Manual: Domain 3 ?Benefits Realization and Performance Measurement COBIT 2019: BAI01 (Manage Programs and Projects), MEA01 (Monitor, Evaluate and Assess Performance and Conformance).

• Question 230:

  While assessing the feasibility of introducing new IT practices and standards into the IT governance framework, it is CRITICAL to understand an organization's:

  A. culture.
  B. level of outsourcing.
  C. enterprise architecture (EA).
  D. maturity of IT processes.
  A. culture.

  ---

  Culture is the most critical factor to understand while assessing the feasibility of introducing new IT practices and standards into the IT governance framework, because it influences the behavior, values, and beliefs of the organization and its stakeholders. Culture affects how IT governance is perceived, implemented, and evaluated in the organization. A mismatch between the organizational culture and the IT governance framework can lead to resistance, conflict, and poor performance. Therefore, it is essential to assess the current culture of the organization and its readiness for change before introducing new IT practices and standards. References: The Influence of Organizational Culture in Application of Information Technology Governance, The Value of IT Governance, Organisational Governance Explained: The Keys to Success