CGEIT: Certified in the Governance of Enterprise IT Part 1
Question #: 1
Topic #: 1
Which of the following should be the PRIMARY consideration for an enterprise when prioritizing IT projects?
A. Results of IT performance benchmarks against competitors
B. Impact on the business due to expected project outcomes
C. Technical capability of the enterprise to execute the projects
D. Process owner expectations based on operational benefits
Selected Answer: B
———————————————————————-
Question #: 2
Topic #: 1
Senior management finds that too many projects are currently in progress and all are experiencing expensive project overruns due to lack of resources. Many of the projects also appear to overlap in their objectives and expected outcomes.
Which of the following would BEST streamline the process of evaluating and selecting funding priorities?
A. Portfolio management
B. Value governance
C. Project management
D. Business case development
Selected Answer: A
———————————————————————-
Question #: 3
Topic #: 1
The CEO of a large enterprise has announced the commencement of a major business expansion that will double the size of the organization. IT will need to support the expected demand expansion. The CIO should FIRST:
A. update the IT strategic plan to align with the decision.
B. recruit IT resources based on the expansion decision.
C. review the resource utilization matrix.
D. embed IT personnel in the business units.
Selected Answer: A
———————————————————————-
Question #: 4
Topic #: 1
Portfolio management in a large enterprise BEST enables which of the following?
A. Performance management
B. Risk reduction
C. Value creation
D. Human resource optimization
Selected Answer: C
———————————————————————-
Question #: 5
Topic #: 1
Which of the following BEST defines the IT investment activities an enterprise will undertake when aligning to business goals?
A. Portfolio management
B. Procurement management
C. Project management
D. Risk management
Selected Answer: A
———————————————————————-
Question #: 6
Topic #: 1
Which of the following should be the PRIMARY consideration when implementing IT governance in a small, newly established organization?
A. Approving enterprise architecture and standards
B. Defining IT project management methodology
C. Assigning a budget for IT governance applications
D. Assigning IT roles and responsibilities
Selected Answer: D
———————————————————————-
Question #: 7
Topic #: 1
An internal auditor conducts an assessment of a two-year-old IT risk management program. Which of the following findings should be of MOST concern to the CIO?
A. Organizational responsibility for IT risk management is not clearly defined.
B. IT risk training records are not properly retained in accordance with established schedules.
C. None of the members of the IT risk management team have risk management-related certifications.
D. Only a few key risk indicators identified by the IT risk management team are being monitored and the rest will be on a phased schedule.
Selected Answer: A
———————————————————————-
Question #: 8
Topic #: 1
An enterprise has discovered that there is significant duplication of IT investments. Which of the following would be MOST helpful in addressing this issue?
A. Establishing an IT steering committee
B. Delegating IT investment decisions to centralized IT
C. Maintaining an inventory of IT investments
D. Increasing the frequency of IT investment audits
Selected Answer: C
———————————————————————-
Question #: 9
Topic #: 1
A regulatory audit assessed an enterprise’s main transactional application as noncompliant. In addition to fines and required corrections, an agreement was reached to implement a set of governance controls over IT. Accountability for these controls is BEST assigned to which of the following?
A. Internal audit director
B. CIO
C. The board of directors
D. Application users
Selected Answer: B
———————————————————————-
Question #: 10
Topic #: 1
An enterprise is planning a change in business direction. As a result, IT risk will significantly increase. Which of the following should be the CIO’s FIRST course of action?
A. Plan for the corresponding IT reorganization.
B. Recommend delaying the business change.
C. Report the risk to executive management.
D. Implement IT changes to align with the plan.
Selected Answer: C
———————————————————————-
Question #: 11
Topic #: 1
Which of the following would be the BEST way for an enterprise to address new legal and regulatory requirements applicable to IT?
A. Benchmark how other IT organizations are treating the new requirements.
B. Adopt a zero-tolerance approach for noncompliance with regulatory matters.
C. Treat as a risk to be assessed before developing a response.
D. Use a cost-benefit analysis to determine if compliance is warranted.
Selected Answer: B
———————————————————————-
Question #: 12
Topic #: 1
Which of the following is MOST critical for sustaining a newly implemented IT governance program?
A. Launch an enterprise-wide IT governance awareness program.
B. Designate a board representative to sponsor the IT governance program.
C. Ensure that there are IT policies, procedures, and standards in place.
D. Benchmark the program periodically against industry peers.
Selected Answer: C
———————————————————————-
Question #: 13
Topic #: 1
An enterprise decides to accept the IT risk of a subsidiary located in another country even though it exceeds the enterprise’s risk appetite. Which of the following would be the BEST justification for this decision?
A. Local market common practices
B. Risk framework alignment
C. Technical gaps among subsidiaries
D. Compliance with local regulations
Selected Answer: D
———————————————————————-
Question #: 14
Topic #: 1
The board of directors of an enterprise has questioned whether the business is focused on optimizing value. The IT strategy committee’s BEST action to address the board’s concern is to:
A. initiate reporting and review of key IT performance metrics.
B. form a technology council to monitor the efficiency of project implementation.
C. conduct a portfolio review to assess the benefits realization of IT investments.
D. conduct a benchmark to assess IT value relative to competitors.
Selected Answer: C
———————————————————————-
Question #: 15
Topic #: 1
Following a merger of two major corporations, the new strategic goal is "One business function. One IT system." Which of the following should be the FIRST step to achieve this goal?
A. Form a combined IT steering committee.
B. Document requirements for each business function.
C. Create a standard enterprise architecture.
D. Define service level agreements with each business function.
Selected Answer: B
———————————————————————-
Question #: 16
Topic #: 1
A data governance strategy has been defined by the IT strategy committee which includes privacy objectives related to access controls, authorized use, and data collection. Which of the following should the committee do NEXT?
A. Mandate the creation of a data privacy policy.
B. Establish a data privacy budget.
C. Perform a data privacy impact assessment.
D. Mandate data privacy training for employees.
Selected Answer: C
———————————————————————-
Question #: 17
Topic #: 1
Once an IT governance framework has been defined, which of the following is the MOST effective approach to align IT to business objectives?
A. Auditing the alignment of IT to business objectives regularly
B. Reviewing the return on investment of IT initiatives on a regular basis
C. Establishing a cross business unit committee to prioritize IT investment
D. Reporting IT investment and performance to senior management regularly
Selected Answer: C
———————————————————————-
Question #: 18
Topic #: 1
An IT governance committee is defining a risk management policy for a portfolio of IT-enabled investments. Which of the following should be the PRIMARY consideration when developing the policy?
A. Risk appetite of the enterprise
B. Risk management framework
C. Value obtained with minimum risk
D. Possible investment failures
Selected Answer: A
———————————————————————-
Question #: 19
Topic #: 1
A contracted company employs key IT systems operational personnel to oversee technology used to manage a critical line of business. Management is concerned that a mass resignation by many disgruntled personnel may lead to a shutdown of these key systems. Which of the following should be the PRIMARY responsibility of IT governance to address this risk?
A. Renegotiate employment agreements to lessen the likelihood of a mass resignation.
B. Cross train management to assume support of the technology.
C. Develop a resourcing strategy that quickly replaces staff.
D. Survey key support staff to determine what is causing them to be disgruntled.
Selected Answer: C
———————————————————————-
Question #: 20
Topic #: 1
A CIO determines IT investment management processes are not fully realizing the benefits identified in business cases. Which of the following would be the BEST way to prevent this issue?
A. Document lessons learned throughout the investment life cycle.
B. Perform stage-gate reviews throughout the life cycle of each project.
C. Evaluate the delegation of investment approval authorities.
D. Establish a requirement for CIO review and approval of each business case.
Selected Answer: B
———————————————————————-
Question #: 21
Topic #: 1
A multinational enterprise recently purchased a large company located in a different country. When introducing the concept of governance to the new acquisition, it is MOST important that executive management recognize:
A. the use of international standards.
B. language differences.
C. globally recognized good practices.
D. the impact of cultural changes.
Selected Answer: D
———————————————————————-
Question #: 22
Topic #: 1
The MOST effective way to ensure that IT supports the agile needs of an enterprise is to:
A. implement open source systems.
B. outsource infrastructure management.
C. develop a robust enterprise architecture (EA).
D. perform process modeling.
Selected Answer: C
———————————————————————-
Question #: 23
Topic #: 1
From an IT governance perspective, which of the following would be the MOST significant impact of moving all IT applications to an external Software as a Service (SaaS) cloud provider?
A. The necessity to update key risk indicators (KRIs)
B. The integration of the IT department with business lines
C. The improvement of IT service alignment with business
D. The shift from service delivery to service management
Selected Answer: D
———————————————————————-
Question #: 24
Topic #: 1
Which of the following is the MOST important driver of IT governance?
A. Management transparency
B. Technical excellence
C. Effective internal controls
D. Quality measurement
Selected Answer: C
———————————————————————-
Question #: 25
Topic #: 1
When developing an IT strategic plan that supports an enterprise’s business goals, which of the following should be done FIRST?
A. Understand the current vision.
B. Perform a business impact analysis.
C. Ensure that IT drives business goals.
D. Analyze benchmarking data.
Selected Answer: B
———————————————————————-
Question #: 26
Topic #: 1
Prior to decommissioning an IT system, it is MOST important to:
A. assess compliance with environmental regulations.
B. review the media disposal records.
C. assess compliance with the retention policy.
D. review the data sanitization records.
Selected Answer: D
———————————————————————-
Question #: 27
Topic #: 1
Which of the following entities is structured PRIMARILY to ensure goals and objectives are aligned between IT and the business?
A. Board of directors
B. Portfolio management committee
C. Change advisory board
D. IT strategy committee
Selected Answer: D
———————————————————————-
Question #: 28
Topic #: 1
An enterprise’s IT department has been operating independently without regard to business concerns, leading to misalignment between business and IT. The BEST way to establish alignment would be to require:
A. business to help define IT goals.
B. IT to define business objectives.
C. business to fund IT services.
D. IT and business to define risks.
Selected Answer: A
———————————————————————-
Question #: 29
Topic #: 1
Which of the following would be MOST helpful in gaining executive support for an IT-enabled business initiative?
A. Framing the discussion in terms of impact to business value
B. Presenting a comprehensive risk management plan
C. Providing examples of risks realized by competitors for similar initiatives
D. Presenting key findings of a business impact analysis conducted by IT managers
Selected Answer: A
———————————————————————-
Question #: 30
Topic #: 1
An enterprise is planning to implement several strategic initiatives that will require the acquisition of new IT systems. Which of the following would BEST enable the IT steering committee to prioritize proposed initiatives based on business objectives?
A. IT strategic management
B. Project management
C. Enterprise architecture management
D. Project portfolio management
Selected Answer: C
———————————————————————-
Question #: 31
Topic #: 1
An IT governance committee recently received a report indicating a scarcity of key IT skills in the marketplace to meet the core needs of the business. Reviewing which of the following would BEST help the committee respond to this situation?
A. IT balanced scorecard
B. Outsourcing strategy
C. IT strategic plan
D. Human resource strategy
Selected Answer: D
———————————————————————-
Question #: 32
Topic #: 1
An enterprise has decided to create its first mobile application. The IT director is concerned about the potential impact of this initiative. Which of the following is the MOST important input for managing the risk associated with this initiative?
A. Business requirements
B. IT risk scorecard
C. Enterprise risk appetite
D. Enterprise architecture (EA)
Selected Answer: A
———————————————————————-
Question #: 33
Topic #: 1
Senior management has made a decision to automate a number of key controls due to concerns that current IT risk controls are overly cumbersome and adversely impacting IT agility. Which of the following should be required FIRST to facilitate this process?
A. Control gap analysis
B. Control self-assessments
C. Controls optimization
D. Cost-benefit analysis
Selected Answer: D
———————————————————————-
Question #: 34
Topic #: 1
The IT function received only 50% of the requested funding to support the IT strategy for new business initiatives. Which of the following is the CIO’s MOST important course of action before considering alternative resource options?
A. Prioritize the portfolio.
B. Terminate less visible maintenance projects.
C. Develop a new balanced scorecard.
D. Conduct a cost-benefit analysis.
Selected Answer: A
———————————————————————-
Question #: 35
Topic #: 1
A business case indicates an enterprise would reduce costs by implementing a bring your own device (BYOD) program allowing employees to use personal devices for e-mail. Which of the following should be the FIRST governance action?
A. Assess the enterprise architecture (EA).
B. Update the BYOD policy.
C. Update the network infrastructure.
D. Assess the BYOD risk.
Selected Answer: A
———————————————————————-
Question #: 36
Topic #: 1
An enterprise has decided to implement an enterprise resource planning (ERP) system to achieve operating and cost efficiencies through global IT standardization. The business units are resistant because they are used to operating autonomously. The CEO has instructed the CIO to move quickly with the implementation to force acceptance with business unit leaders. Which of the following should be the CIO’s FIRST step?
A. Request funding from the CEO to hire ERP consultants.
B. Ask the CEO to be the sponsor of the program.
C. Engage a reluctant business unit to conduct a proof-of-concept pilot.
D. Build a governance framework for identifying non-standard processes.
Selected Answer: C
———————————————————————-
Question #: 37
Topic #: 1
Which of the following is MOST critical to have in place before management can establish an IT risk assessment and response approach?
A. A portfolio of IT investments
B. Defined roles and responsibilities
C. Historic data on risk events
D. A balanced scorecard
Selected Answer: B
———————————————————————-
Question #: 38
Topic #: 1
An IT audit report indicates that a lack of IT employee risk awareness is creating serious security issues in application design and configuration. Which of the following would be the BEST key risk indicator (KRI) to show progress in IT employee behavior?
A. Results of application security testing
B. Results of application security awareness training quizzes
C. Number of reported security incidents
D. Number of IT employees attending security training sessions
Selected Answer: A
———————————————————————-
Question #: 39
Topic #: 1
Which of the following is the MOST important objective of IT program portfolio management?
A. Reduced technology costs
B. Reduced project management costs
C. Improved IT service delivery
D. Appropriate investment mix
Selected Answer: B
———————————————————————-
Question #: 40
Topic #: 1
Despite an adequate training budget, IT staff are not keeping skills current with emerging technologies critical to the enterprise. The BEST way for the enterprise to address this situation would be to:
A. establish an agreed-upon skills development plan with each employee.
B. allow staff to attend technology conferences.
C. create a standard-setting center of excellence.
D. assign human resources (HR) to develop an IT skills matrix.
Selected Answer: D
