Isaca CGEIT Online Practice Questions and Exam Preparation
CGEIT Exam Details
Exam Code: CGEIT
Exam Name: Certified in the Governance of Enterprise IT
Certification: Isaca Certifications
Vendor: Isaca
Total Questions: 666 Q&As
Last Updated: May 30, 2026
Isaca CGEIT Online Questions & Answers
Question 351:
A rail transport company has the worst on-time arrival record in the industry due to an antiquated IT system that controls scheduling. Despite employee resistance, an initiative to upgrade the technology and related processes has been approved. To maximize employee engagement throughout the project, which of the following should be in place prior to the start of the initiative?
A. Procurement management plan
B. Organizational change management plan
C. Risk response plan
D. Resource management plan
B. Organizational change management plan. An organizational change management plan is the best option to have in place prior to the start of an initiative to upgrade the technology and related processes of a rail transport company that has the worst on-time arrival record in the industry due to an antiquated IT system that controls scheduling. An organizational change management plan is a document that outlines the strategy, approach, and actions for managing and implementing a change within an organization. It helps to prepare the organization and its stakeholders for the change, communicate the vision and benefits of the change, address the potential resistance and challenges of the change, and monitor and evaluate the progress and outcomes of the change. An organizational change management plan is especially important for a project that involves a significant technological and process change that may impact the culture, performance, and satisfaction of the employees. By having an organizational change management plan in place before the start of the initiative, the rail transport company can maximize employee engagement throughout the project, and ensure a smooth and successful transition to the new IT system and processes.
Question 352:
Which of the following roles should approve major IT purchases to help prevent conflicts of interest?
A. IT steering committee
B. Chief information officer (CIO)
C. Chief compliance officer
D. Project management office (PMO)
A. IT steering committee. This is the role that should approve major IT purchases to help prevent conflicts of interest. An IT steering committee is a group of senior executives and board members who are responsible for overseeing and directing the IT function and ensuring that it aligns with the enterprise's vision, mission, goals, and strategy. An IT steering committee should approve major IT purchases, such as hardware, software, services, or projects, to ensure that they are justified, prioritized, and aligned with the business needs and expectations, and that they deliver value and performance to the enterprise. An IT steering committee should also ensure that the IT procurement process is transparent, fair, and ethical, and that there are no conflicts of interest or undue influence from the IT vendors or suppliers.
Question 353:
The board of directors of an enterprise has questioned whether the business is focused on optimizing value. The IT strategy committees' BEST action to address the board's concern is to:
A. initiate reporting and review of key IT performance metrics.
B. conduct a portfolio review to assess the benefits realization of IT investments.
C. conduct a benchmark to assess IT value relative to competitors.
D. form a technology council to monitor the efficiency of project implementation.
B. conduct a portfolio review to assess the benefits realization of IT investments. This is because a portfolio review is a process of evaluating the performance and value of IT investments in relation to the business objectives and strategy. A portfolio review can help to identify the alignment, contribution, and optimization of IT investments, as well as the risks, issues, and opportunities for improvement. A portfolio review can also help to communicate and demonstrate the value of IT to the board and other stakeholders, as well as to support decision-making and prioritization of IT resources. Some of the sources that support this answer are: 1: This source explains the value of IT governance and how it can help to optimize risk and manage resources to support the organization's mission, goals, and objectives. It also discusses some of the governance enablers, such as principles, processes, and policies, that can help to align IT with the business context. 2: This source provides a research-based methodology to improve IT governance and drive business results. It suggests that conducting a portfolio review is one of the steps to redesign the governance framework and ensure that IT investments are aligned with the business strategy and deliver value. 3: This source defines IT portfolio management as a discipline that enables organizations to manage their IT investments as a collection of projects, programs, and services that contribute to the enterprise's strategic goals. It also describes some of the benefits of IT portfolio management, such as improving alignment, optimizing value, reducing risk, and enhancing transparency.
Question 354:
An enterprise wants to implement metrics to monitor the performance of its IT portfolio. Whose input is MOST important to consider when establishing these metrics?
A. Project management office (PMO).
B. IT executives.
C. The chief executive officer (CEO).
D. Business unit stakeholders.
D. Business unit stakeholders.
Question 355:
An IT steering committee is concerned about staff saving data files containing sensitive corporate information on publicly available cloud file storage applications. Which of the following should be done FIRST to address this concern?
A. Create a secure corporate cloud file storage and sharing solution.
B. Block corporate access to cloud file storage applications.
C. Require staff training on data classification policies.
D. Revise the data management policy to prohibit this practice.
C. Require staff training on data classification policies. To address concerns about staff saving sensitive corporate information on publicly available cloud file storage applications, the first step should be to require staff training on data classification policies. Educating employees about the types of data classified as sensitive and the associated handling requirements helps to raise awareness and change behavior. Training should emphasize the importance of protecting sensitive information and the proper use of approved storage solutions. While creating secure storage solutions, blocking access to certain applications, and revising policies are important measures, education and awareness are fundamental first steps to ensure compliance and mitigate risks.
Question 356:
To develop appropriate measures to improve organizational performance, the measures MUST be:
A. a result of benchmarking and comparative analysis.
B. accepted by and meaningful to the stakeholders.
C. based on existing and validated data sources.
D. approved by the IT steering committee.
B. accepted by and meaningful to the stakeholders. To develop appropriate measures to improve organizational performance, the measures must be accepted by and meaningful to the stakeholders, because they are the ones who will use the measures to monitor and evaluate the achievement of the enterprise's objectives and goals. The measures should be relevant, reliable, valid, and understandable for the stakeholders, and aligned with their expectations and needs. References: ISACA, CGEIT Review Manual, 7th Edition, 2019, pages 43-44.
Question 357:
When developing an IT governance framework, it is MOST important for an enterprise to consider:
A. information technology risk.
B. framework development cost.
C. information technology strategy.
D. stakeholders' support.
D. stakeholders' support. IT governance is the process of ensuring that IT supports and enables the achievement of the enterprise's goals and objectives, and delivers value to the stakeholders. Stakeholders are the individuals or groups that have a stake in the success or failure of IT governance, such as board members, senior management, business units, IT function, customers, suppliers, regulators, and society. By considering stakeholders' support, an enterprise can ensure that the IT governance framework is aligned with and driven by the stakeholders' needs, expectations, and interests. Stakeholders' support can also help to facilitate the communication, collaboration, and decision-making processes among the IT governance participants, and to gain their commitment and buy-in for the IT governance implementation and improvement. The other options are not as important as stakeholders' support, as they are either specific aspects or outcomes of IT governance, but not comprehensive factors. Information technology risk is the potential for negative consequences due to the use or misuse of IT within an enterprise. Information technology risk can affect the IT governance framework, but it is not the most important factor to consider, as it is only one of the many elements that influence IT governance. Framework development cost is the amount of money and resources required to design and implement the IT governance framework. Framework development cost can affect the IT governance framework, but it is not the most important factor to consider, as it is only one of the many criteria that evaluate IT governance. Information technology strategy is the plan that defines how the IT function supports and enables the overall business strategy and objectives of an enterprise. Information technology strategy can affect the IT governance framework, but it is not the most important factor to consider, as it is only one of the many components that constitute IT governance.
Question 358:
Which of the following should be the MOST important consideration when designing an implementation plan for IT governance?
A. Principles and policies
B. Roles and responsibilities
C. Risk tolerance levels
D. Organizational culture
D. Organizational culture. Organizational culture is the most important consideration when designing an implementation plan for IT governance, because it influences the ethics, values, behaviors, and attitudes of the people involved in the governance process. Organizational culture also affects the acceptance, adoption, and sustainability of the IT governance framework and practices. According to COBIT 5, one of the seven enablers of IT governance is culture, ethics and behavior. The roadmap for implementing and improving IT governance also emphasizes the importance of understanding and addressing the cultural and behavioral aspects of the enterprise. References: 1: COBIT 5: A Business Framework for the Governance and Management of Enterprise IT, ISACA, page 312: A Roadmap for Implementing and Improving IT Governance
Question 359:
An enterprise considers implementing a system that uses a technology that is not in line with its IT strategy. The business case indicates significant benefit to the enterprise. Which of the following is the BEST way to manage this situation within an IT governance framework?
A. Update the IT strategy to align with the new technology.
B. Initiate an operational change request.
C. Reject based on non-alignment.
D. Address as part of an architecture exception process.
D. Address as part of an architecture exception process. An architecture exception process is a mechanism to handle requests for deviations from the established IT architecture policies or standards. It allows the enterprise to evaluate the business case, risks, benefits, and alternatives of implementing a system that uses a technology that is not in line with its IT strategy. It also enables the enterprise to define the conditions, limitations, and timelines for granting or denying the exception. According to one of the web search results, "requests for exceptions to any architectural policy or standard use this process" and "the decision may include a deadline for removing the need for the exception, constraints on future projects, or similar terms." Addressing the situation as part of an architecture exception process is the best way to manage it within an IT governance framework, as it provides a structured and transparent way to balance the business needs and the IT alignment. Updating the IT strategy to align with the new technology, initiating an operational change request, or rejecting based on non-alignment are not the best ways to manage the situation within an IT governance framework. They are more likely to be either too rigid or too reactive, and may not consider the trade-offs or implications of the decision.
Question 360:
Which of the following should senior management do FIRST when developing and managing digital applications for a new enterprise?
A. Establish an architecture review board.
B. Define the risk appetite.
C. Develop key risk indicators (KRIs).
D. Implement a sourcing program.
B. Define the risk appetite. According to the CGEIT exam guide, the risk appetite is the amount and type of risk that an enterprise is willing to accept in pursuit of its objectives. It is a key element of the IT governance framework and should be defined by senior management before developing and managing digital applications for a new enterprise. The risk appetite provides the basis for establishing the risk management strategy, policies and processes, as well as the risk culture and awareness of the enterprise. References: CGEIT Exam Candidate Guide, page 15.