Isaca CGEIT Online Practice Questions and Exam Preparation
CGEIT Exam Details
Exam Code: CGEIT
Exam Name: Certified in the Governance of Enterprise IT
Certification: Isaca Certifications
Vendor: Isaca
Total Questions: 666 Q&As
Last Updated: May 30, 2026
Isaca CGEIT Online Questions & Answers
Question 521:
An enterprise's chief information officer (CIO) has been receiving complaints from business executives regarding the amount their units are being charged for IT services. To maintain a good relationship with business peers, the CIO wants to be responsive to these complaints. To address this issue, the FIRST step should be to:
A. agree to reduce charge rates and improve relationship management with the business.
B. look into outsourcing of support functions to drive down the cost structure.
C. ask the chief financial officer (CFO) about budget revisions for the business units' IT expenditures.
D. quantify consumption and service level agreement (SLA) achievements per business unit.
D. quantify consumption and service level agreement (SLA) achievements per business unit.
The first step to address the issue of complaints from business executives regarding the amount their units are being charged for IT services should be to quantify consumption and service level agreement (SLA) achievements per business unit. This will help the CIO to understand the actual usage and performance of IT services by each business unit, as well as to justify and communicate the chargeback rates based on the value and quality of IT services delivered. Quantifying consumption and SLA achievements can also help identify and address any inefficiencies, discrepancies, or gaps in IT service delivery or chargeback methods.
Agreeing to reduce charge rates and improve relationship management with the business, looking into outsourcing of support functions to drive down the cost structure, and asking the CFO about budget revisions for the business units' IT expenditures are possible steps to take after quantifying consumption and SLA achievements, but they are not the first step. Agreeing to reduce charge rates without understanding the underlying causes of the complaints may result in underfunding or underpricing of IT services, which may affect their quality and sustainability. Improving relationship management with the business is important, but it should be based on transparent and accurate information about IT service consumption and chargeback. Looking into outsourcing of support functions may reduce the cost structure, but it may also introduce new risks and challenges for IT governance and management. Asking the CFO about budget revisions may help align IT expenditures with business priorities, but it may not address the root causes of the dissatisfaction with IT chargeback.
References: IT Chargeback Drives Efficiency - Uptime Institute Blog; What is IT governance? A formal way to align IT and business strategy; Chargeback vs. IT Governance - HEIT Management.
Question 522:
An enterprise is concerned about the community impact of its data center noise levels. Which of the following is the enterprise's BEST course of action?
A. Proactively reduce after-hours operations
B. Pursue acquisition of surrounding properties
C. Wait for a formal complaint to be filed
D. Seek input from appropriate stakeholders
D. Seek input from appropriate stakeholders
The best governance-aligned approach is to seek input from appropriate stakeholders, including community representatives, environmental groups, and local government. This enables the organization to address concerns proactively and collaboratively, minimizing reputational and regulatory risks. Waiting for complaints or making unilateral decisions (like buying land or reducing hours) may be less effective or even inappropriate without stakeholder input.
CGEIT Review Manual: Domain 1 - Governance of Enterprise IT, Stakeholder Engagement
COBIT 2019: EDM05 (Ensure Stakeholder Engagement).
Question 523:
A CEO realizes the need to implement IT governance to support the strategic alignment of business and IT goals. Which of the following would BEST enable this initiative?
A. A RACI chart
B. An increased IT budget
C. Well-trained IT staff
D. Effective culture change
D. Effective culture change
Effective culture change is the process of transforming the values, beliefs, behaviors, and norms of the organization and its stakeholders to support the strategic alignment of business and IT goals. Effective culture change can enable the implementation of IT governance by:
Creating a shared vision and understanding of the purpose, benefits, and expectations of IT governance
Engaging and empowering the stakeholders to participate and collaborate in IT governance activities and decisions
Fostering a culture of trust, transparency, accountability, and responsibility for IT governance outcomes
Encouraging a culture of innovation, learning, and improvement for IT governance processes and practices
Aligning the incentives and rewards with the IT governance objectives and performance
References:
According to the CGEIT Review Manual 2022, "Culture is a key enabler for effective IT governance. Culture influences how people behave, communicate, collaborate, and make decisions. Culture also affects how people perceive, value, and use IT. Therefore, culture change is often necessary to implement IT governance successfully."
According to the ISACA article on Culture Change: A Critical Success Factor for Effective IT Governance, "Culture change is not an easy task; it requires strong leadership, clear communication, stakeholder involvement, and continuous monitoring and feedback. However, culture change can also bring significant benefits for IT governance, such as improved alignment, engagement, performance, and value creation."
According to the CIO article on How to create a culture of innovation in IT, "Creating a culture of innovation in IT requires more than hiring talented people and acquiring the latest technologies. It also requires a shift in mindset, behavior, and structure that fosters creativity, collaboration, experimentation, and learning."
Question 524:
When establishing a risk management process, which of the following should be the FIRST step?
A. Determine the probability of occurrence
B. Identify threats
C. Identify assets
D. Assess risk exposures
C. Identify assets
The first step in establishing a risk management process is to identify assets, because assets are the resources that have value to the organization and need to be protected from potential threats. Assets can include physical, human, information, financial, and intangible assets. Identifying assets helps to determine their criticality, ownership, and dependencies, as well as the potential impact of losing or compromising them. According to the ISO 31000:2018 standard, one of the components of the risk management framework is establishing the context, which includes defining the scope, objectives, and criteria for risk management, as well as identifying the internal and external factors that can affect the achievement of objectives. Identifying assets is part of establishing the context. The other steps of the risk management process, such as identifying threats, determining the probability of occurrence, assessing risk exposures, and implementing risk treatments, follow after identifying assets.
References: 1: ISO 31000:2018(en), Risk management -- Guidelines
Question 525:
Which method BEST enables an enterprise to estimate the benefits of a new Software as a Service (SaaS) application?
A. Monte Carlo analysis
B. Total cost of ownership (TCO)
C. Expected monetary value
D. Heuristic methods
C. Expected monetary value
Question 526:
In which of the following situations is it acceptable to retain data beyond the stated policy?
A. The business created an analytics model based on historical records.
B. There is a high probability that the enterprise will enter into litigation.
C. New data privacy regulations are expected in a few months.
D. A core system database is going through an upgrade.
B. There is a high probability that the enterprise will enter into litigation.
Question 527:
The BEST way to ensure an IT steering committee meets enterprise objectives is to:
A. require a member of the committee to have IT governance expertise.
B. benchmark against industry best practices.
C. establish key performance indicators (KPIs).
D. have key business stakeholders represented on the committee.
D. have key business stakeholders represented on the committee.
According to the web search results, the best way to ensure an IT steering committee meets enterprise objectives is to have key business stakeholders represented on the committee. This is because business stakeholders are the ones who define and own the enterprise objectives, and who can provide the strategic direction, guidance, and support for IT initiatives that align with these objectives. Having key business stakeholders represented on the committee can help to ensure that IT decisions are made in the best interest of the enterprise, and that IT projects deliver value and benefits to the business.
The other options are less effective than option D, as they do not address the alignment and integration of IT and business objectives. Requiring a member of the committee to have IT governance expertise may be helpful, but not sufficient, to ensure that the committee meets enterprise objectives. IT governance expertise is not a substitute for business knowledge and involvement. Benchmarking against industry best practices may be useful, but not necessary, to ensure that the committee meets enterprise objectives. Industry best practices may not always suit the specific needs and context of the enterprise. Establishing key performance indicators (KPIs) may be important, but not enough, to ensure that the committee meets enterprise objectives. KPIs are metrics that measure the performance and outcomes of IT projects and processes, but they do not guarantee that these projects and processes are aligned with the enterprise objectives.
References: What is an IT Steering Committee? - BMC Software | Blogs; IT Governance Committee - The Role and Importance of ... - Exceeders
Question 528:
In an enterprise that has worldwide business units and a centralized financial control model, which of the following is a barrier to strategic alignment of business and IT?
A. Each business unit has its own steering committee for IT investment and prioritization.
B. Uniform portfolio management is in place throughout the business units.
C. IT is the exclusive provider of IT services to the business units.
D. The enterprise's CIO is a member of the executive committee.
A. Each business unit has its own steering committee for IT investment and prioritization.
This is a barrier to strategic alignment of business and IT, as it creates inconsistency and fragmentation in the IT governance process across the enterprise. Strategic alignment of business and IT is the degree of fit and integration among business strategy, IT strategy, business infrastructure, and IT infrastructure. It helps to ensure that IT supports and enables the achievement of the enterprise's goals and objectives, and delivers value to the stakeholders. To achieve strategic alignment, an enterprise needs to have a coherent and coordinated IT governance process that aligns IT with business goals, optimizes IT investments and resources, manages IT risks and opportunities, and measures IT performance and benefits. However, if each business unit has its own steering committee for IT investment and prioritization, this may result in conflicting or competing IT priorities, duplication or waste of IT resources, lack of communication or collaboration among IT stakeholders, or misalignment of IT services and capabilities with business needs and expectations. Therefore, each business unit having its own steering committee for IT investment and prioritization is a barrier to strategic alignment of business and IT.
The other options are not barriers to strategic alignment of business and IT, as they are possible enablers or indicators of strategic alignment. Uniform portfolio management is the process of selecting, prioritizing, balancing, and monitoring the IT investments and initiatives that support the enterprise's strategic objectives and deliver value to the stakeholders. Uniform portfolio management can help to align IT with business goals, optimize resource allocation, manage risks and dependencies, and measure performance and benefits. IT being the exclusive provider of IT services to the business units can help to ensure that the IT services are consistent, reliable, secure, and compliant with the enterprise's standards and policies. The enterprise's CIO being a member of the executive committee can help to demonstrate the strategic importance and contribution of IT to the enterprise's success, as well as facilitate the communication and collaboration between IT and business leaders.
Question 529:
Which of the following roles is accountable for the confidentiality, integrity and availability of information within an enterprise?
A. Risk manager
B. Data owner
C. Lead legal counsel
D. Data custodian
B. Data owner
The data owner is the role that is accountable for the confidentiality, integrity, and availability of information within an enterprise, because the data owner is the person who has the authority and responsibility to classify, label, and protect the information assets according to their value and sensitivity. The data owner also defines the business requirements for the information security and ensures that the data custodian implements the appropriate controls to safeguard the information. The data owner is also part of the IT governance domain 4: Value Delivery.
Question 530:
Which of the following would BEST help to improve an enterprise's ability to manage large IT investment projects?
A. Creating a change management board
B. Reviewing and evaluating existing business cases
C. Implementing a review and approval process for each phase
D. Publishing the IT approval process online for wider scrutiny
C. Implementing a review and approval process for each phase
Implementing a review and approval process for each phase would best help to improve an enterprise's ability to manage large IT investment projects. This is because a review and approval process can help to ensure that the project is aligned with the business objectives, scope, budget, schedule, quality, and risk criteria at each stage of the project life cycle. A review and approval process can also help to monitor the project progress, performance, and deliverables, as well as identify and resolve any issues or changes that may arise. A review and approval process can also provide transparency, accountability, and governance for the project stakeholders and decision-makers.
Creating a change management board is not the best answer, as it is only one aspect of a review and approval process. A change management board is a group of people who are responsible for reviewing, approving, or rejecting change requests that affect the project scope, schedule, cost, or quality. A change management board is important for managing changes in a project, but it is not sufficient or comprehensive for managing large IT investment projects.
Reviewing and evaluating existing business cases is not the best answer, as it is only a preliminary step in a review and approval process. A business case is a document that provides the justification and rationale for initiating a project, based on the expected costs, benefits, risks, and value of the project. Reviewing and evaluating existing business cases can help to select and prioritize the most viable and valuable projects for the enterprise, but it is not enough or relevant for managing large IT investment projects.
Publishing the IT approval process online for wider scrutiny is not the best answer, as it is only a communication method for a review and approval process. Publishing the IT approval process online can help to increase the visibility, awareness, and understanding of the project requirements, criteria, and procedures among the project stakeholders and participants. Publishing the IT approval process online can also help to solicit feedback, suggestions, or concerns from the wider audience. However, publishing the IT approval process online does not necessarily improve the enterprise's ability to manage large IT investment projects.
References:
IT Portfolio Management Strategies | Smartsheet, Managing an IT portfolio requires four steps section.
Best Practices in Project Management | Smartsheet, Establish ground rules for how the project will move forward section.
Government of Canada project management - Canada.ca, These practices include establishing clear accountabilities section.
IT Project Management: Concepts, Solutions and Best Practices, What is Integrated Project Management (IPM)? section.
16 Industry Experts Share Best Practices For IT Project Management - Forbes, 1. Limit Work In Progress section.