CGEIT: Certified in the Governance of Enterprise IT Part 2
Question #: 41
Topic #: 1
The PRIMARY reason a CIO and IT senior management should stay aware of the business environment is to:
A. measure efficiency of IT resources.
B. revisit prioritization of IT projects.
C. re-assess the IT investment portfolio.
D. adjust IT strategy as needed.
Selected Answer: A
———————————————————————-
Question #: 42
Topic #: 1
To enable consistent assessment of candidate program investments for inclusion into the IT portfolio, it is MOST important to identify:
A. an IT balanced scorecard.
B. the impact on enterprise architecture.
C. common selection criteria.
D. currently available resources.
Selected Answer: A
———————————————————————-
Question #: 43
Topic #: 1
What information is MOST important to include when reporting key risk indicators to the board of directors?
A. The effect of emerging risk trends on current risk exposure
B. Risk appetite, risk threshold and risk tolerance
C. Classification of current business risk
D. Costs and resource needs related to risk mitigation measures
Selected Answer: B
———————————————————————-
Question #: 44
Topic #: 1
An enterprise has a large backlog of IT projects. The current strategy is to execute projects as they are submitted, but executive management does not believe this method is optimal. Which of the following is the MOST important action to address this concern?
A. Establish a performance dashboard that determines business value.
B. Create a combined business/IT committee to determine project prioritization.
C. Implement a methodology to prioritize projects based on resource availability.
D. Implement stage-gating to determine the value of each project.
Selected Answer: B
———————————————————————-
Question #: 45
Topic #: 1
Which of the following is MOST critical to support IT governance cultural changes within an organization?
A. IT governance process manuals
B. Regularly scheduled governance training
C. Demonstrated management commitment
D. Established IT monitoring and measuring
Selected Answer: C
———————————————————————-
Question #: 46
Topic #: 1
An enterprise has decided to use third-party software for a business process which is hosted and supported by the same third party. The BEST way to provide quality of service oversight would be to establish a process:
A. to qualify service providers.
B. for enterprise architecture updates.
C. for robust change management.
D. for periodic service provider audits.
Selected Answer: D
———————————————————————-
Question #: 47
Topic #: 1
In a successful enterprise that is profitable in its marketplace and consistently growing in size, the non-IT workforce has grown by 50% in the last two years. The demand for IT staff in the marketplace is more than the supply, and the enterprise is losing staff to rival organizations. Due to the rapid growth, IT has struggled to keep up with the enterprise, and IT procedures and associated job roles are not well-defined. The MOST critical activity for reducing the impact caused by IT staff turnover is to:
A. outsource the IT operation.
B. increase compensation for IT staff.
C. hire temporary staff.
D. document processes and procedures.
Selected Answer: B
———————————————————————-
Question #: 48
Topic #: 1
A large enterprise has been experiencing high turnover of skilled IT personnel, resulting in a significant loss of knowledge within the IT department. Which of the following should be done FIRST to address this problem?
A. Conduct a survey of current IT staff.
B. Revise the IT resource management plan.
C. Update human resources policies and practices.
D. Develop an incentive scheme for IT employees.
Selected Answer: A
———————————————————————-
Question #: 49
Topic #: 1
A newly established IT steering committee is concerned whether or not a system is meeting availability objectives. Which of the following will provide the BEST information to make an assessment?
A. Critical success factors
B. Balanced scorecard
C. Performance indicators
D. Capability maturity levels
Selected Answer: D
———————————————————————-
Question #: 50
Topic #: 1
Following a major IT incident that resulted in a loss to the enterprise, a CIO is preparing for a meeting with the board of directors to discuss what may have failed internally. Which of the following should the CIO do FIRST to provide assurance to the board?
A. Review the IT control environment.
B. Ensure IT and enterprise risk management alignment.
C. Review the incident response policy.
D. Verify continuous monitoring is being performed.
Selected Answer: A
———————————————————————-
Question #: 51
Topic #: 1
Which of the following is the PRIMARY ongoing responsibility of the IT governance function related to risk?
A. Responding to and controlling all IT risk events
B. Verifying that all business units have staff skilled at assessing risk
C. Communicating the enterprise risk management plan
D. Ensuring IT risk management is aligned with business risk appetite
Selected Answer: C
———————————————————————-
Question #: 52
Topic #: 1
Which of the following is the BEST outcome measure to determine the effectiveness of IT risk management processes?
A. Time lag between when IT risk is identified and the enterprise’s response
B. Percentage of business users satisfied with the quality of risk training
C. Frequency of updates to the IT risk register
D. Number of events impacting business processes due to delays in responding to risks
Selected Answer: A
———————————————————————-
Question #: 53
Topic #: 1
The BEST way for a CIO to monitor the alignment between the business and IT strategy is to regularly review:
A. IT services supporting business processes.
B. the balanced scorecard.
C. key risk indicators (KRIs).
D. the risk register.
Selected Answer: B
———————————————————————-
Question #: 54
Topic #: 1
Which of the following is PRIMARILY achieved through performance measurement?
A. Process improvement
B. Benefit realization
C. Cost efficiency
D. Transparency
Selected Answer: B
———————————————————————-
Question #: 55
Topic #: 1
While assessing the feasibility of introducing new IT practices and standards into the IT governance framework, it is CRITICAL to understand an organization’s:
A. maturity of IT processes.
B. culture.
C. enterprise architecture.
D. level of outsourcing.
Selected Answer: B
———————————————————————-
Question #: 56
Topic #: 1
A new IT initiative is delivered successfully. Which of the following should be updated to reflect the new technology?
A. Balanced scorecard
B. IT strategy
C. IT tactical plan
D. Enterprise architecture
Selected Answer: D
———————————————————————-
Question #: 57
Topic #: 1
The MOST beneficial aspect of utilizing an IT risk management framework is that it:
A. addresses a lack of data in risk reporting.
B. facilitates the identification of technologies posing the greatest risk to IT.
C. enables a consistent approach to risk management.
D. drives inclusion of the technology function in enterprise risk management.
Selected Answer: C
———————————————————————-
Question #: 58
Topic #: 1
When defining an enterprise governance framework, the PRIMARY determination of the degree to which the framework is principle-based or policy-based is:
A. enterprise architecture framework.
B. organizational decision-making style.
C. IT process maturity.
D. organizational structure.
Selected Answer: D
———————————————————————-
Question #: 59
Topic #: 1
A company is considering selling products online, and the CIO has been asked to advise the board of directors of potential problems with this strategy. Which of the following would be the CIO’s BEST course of action?
A. Perform a risk assessment.
B. Review the security framework.
C. Conduct a return on investment analysis.
D. Review the enterprise architecture.
Selected Answer: A
———————————————————————-
Question #: 60
Topic #: 1
After shifting from lease to purchase of IT infrastructure and software licenses, an enterprise has to pay for unexpected lease extensions causing significant cost overruns. The BEST direction for the IT steering committee would be to establish:
A. a program to annually review financial policy on overruns.
B. an end-of-life program to remove aging infrastructure from the environment.
C. budget cuts to compensate for the cost overruns.
D. a policy to consider total cost of ownership in investment decisions.
Selected Answer: D
———————————————————————-
Question #: 61
Topic #: 1
An enterprise is evaluating a Software-as-a-Service (SaaS) solution to support a core business process. There is no outsourcing governance or vendor management in place. The CEO’s FIRST course of action should be to:
A. establish a contract with the SaaS solution provider.
B. instruct management to use the standard procurement process.
C. ensure the service level agreements (SLAs) for service providers are defined.
D. ensure the roles and responsibilities to manage service providers are defined.
Selected Answer: D
———————————————————————-
Question #: 62
Topic #: 1
Which of the following would BEST help to ensure timely reporting on risk events and responses to appropriate levels of management?
A. Corporate directory
B. Key personnel interviews
C. Emergency response team
D. Escalation procedures
Selected Answer: D
———————————————————————-
Question #: 63
Topic #: 1
When developing an IT governance framework, it is MOST important for an enterprise to consider:
A. stakeholders’ support.
B. information technology risk.
C. framework development cost.
D. information technology strategy.
Selected Answer: D
———————————————————————-
Question #: 64
Topic #: 1
Which of the following would be MOST useful for prioritizing IT improvement initiatives to achieve desired business outcomes?
A. Portfolio management
B. Budget variance analysis
C. IT skills matrix
D. Enterprise architecture (EA)
Selected Answer: A
———————————————————————-
Question #: 65
Topic #: 1
The IT director of a large project-driven enterprise is concerned that all recently completed IT projects have exceeded their budgets. Which of the following would be the BEST way to address this concern?
A. Implement portfolio management.
B. Require monitoring of budget utilization.
C. Assign business sponsors to active projects.
D. Implement agile project methodology.
Selected Answer: A
———————————————————————-
Question #: 66
Topic #: 1
A government agency plans to use predictive analytics to improve the quality of its services. The IT director is confident they have selected the right tool and can acquire appropriate resources to support the business need. Which of the following should be the director’s NEXT course of action?
A. Ensure job descriptions are available for newly-hired IT resources.
B. Ensure IT has the appropriate processes in place.
C. Implement a balanced scorecard to measure service quality.
D. Establish a data governance council that includes IT senior management.
Selected Answer: B
———————————————————————-
Question #: 67
Topic #: 1
To successfully implement enterprise IT governance, which of the following should be the MAIN focus of IT policies?
A. Optimizing operational benefits
B. Enhancing organizational capability
C. Limiting IT costs
D. Providing business value
Selected Answer: D
———————————————————————-
Question #: 68
Topic #: 1
A recent benchmarking analysis has indicated an IT organization is retaining more data and spending significantly more on data retention than its competitors. Which of the following would BEST ensure the optimization of retention costs?
A. Requiring that all business cases contain data deletion and retention plans
B. Revalidating the organization’s risk tolerance and re-aligning the retention policy
C. Redefining the retention policy to align with industry best practices
D. Moving all high-risk and medium-risk data backups to cloud storage
Selected Answer: D
———————————————————————-
Question #: 69
Topic #: 1
An enterprise is undertaking a multi-year portfolio of IT initiatives to replace core accounting systems. The program management team has developed a business case and is defining a roadmap for the initiatives. Of the following, who should be responsible for defining the optimization criteria for the portfolio?
A. Project management office
B. Board of directors
C. Program management team
D. IT steering committee
Selected Answer: C
———————————————————————-
Question #: 70
Topic #: 1
An enterprise has entered into a new market which brings additional regulatory compliance requirements. To address these new requirements, the enterprise should FIRST:
A. update the organization’s risk profile.
B. have executive management monitor compliance.
C. outsource the compliance process.
D. appoint a compliance officer.
Selected Answer: A
———————————————————————-
Question #: 71
Topic #: 1
An IT steering committee is preparing to review proposals for projects that implement emerging technologies. In anticipation of the review, the committee should FIRST:
A. require a review of the enterprise risk management framework.
B. understand how the emerging technologies will influence risk across the enterprise.
C. determine if the IT staff can support the emerging technologies.
D. require a capacity plan and framework review for the emerging technologies.
Selected Answer: B
———————————————————————-
Question #: 72
Topic #: 1
The CIO of a large enterprise has taken the necessary steps to align IT objectives with business objectives. The BEST way for the CIO to ensure these objectives are delivered effectively by IT staff is to:
A. enhance the budget for training based on the IT objectives.
B. include the IT objectives in staff performance plans.
C. include CIO sign-off of the objectives as part of the IT strategic plan.
D. map the IT objectives to an industry-accepted framework.
Selected Answer: B
———————————————————————-
Question #: 73
Topic #: 1
An analysis of an organization’s security breach is complete. The results indicate that the quality of the code used for updates to its primary customer-facing software has been declining and security flaws were introduced. The FIRST IT governance action to correct this problem should be to review:
A. the incident response plan.
B. the change management control framework.
C. compliance with the user testing process.
D. the qualifications of developers to write secure code.
Selected Answer: B
———————————————————————-
Question #: 74
Topic #: 1
Senior leadership is concerned about a recent trend of excessive exceptions to existing controls. Which of the following should be implemented to address this concern?
A. Continuous monitoring
B. Independent audits
C. A control library
D. Risk awareness training
Selected Answer: A
———————————————————————-
Question #: 75
Topic #: 1
When developing a business case for an enterprise resource planning (ERP) implementation, which of the following, if overlooked, causes the GREATEST impact to the enterprise?
A. Salvage value of legacy hardware
B. IT best practices
C. Interdependent systems
D. Vendor selection
Selected Answer: C
———————————————————————-
Question #: 76
Topic #: 1
A regional business unit of a major financial institution is considering the use of a Software as a Service (SaaS) cloud vendor to implement a new system. Which of the following should be performed FIRST?
A. Update the outsourcing policy.
B. Investigate on-premise software solutions.
C. Develop a business case.
D. Determine if the cloud vendor has a secure data center.
Selected Answer: D
———————————————————————-
Question #: 77
Topic #: 1
During the implementation phase of a central ERP system, a project manager identifies a significant lack of human capabilities to support the system. The issue is reported to the project sponsor, and the sponsor sends a request for an increase in the budget to the IT steering committee. What should be the IT steering committee’s FIRST action?
A. Require a revised business case.
B. Approve the budget request.
C. Provide appropriate training.
D. Refer back to the project sponsor for resolution.
Selected Answer: A
———————————————————————-
Question #: 78
Topic #: 1
For a large enterprise, which of the following is the BEST indicator that IT governance has a poor reputation?
A. Regulatory noncompliance
B. Low attendance at strategy committee meetings
C. High turnover of IT staff
D. Data leakage
Selected Answer: B
———————————————————————-
Question #: 79
Topic #: 1
An enterprise has committed to the implementation of a new IT governance model. The BEST way to begin this implementation is to:
A. prioritize how much and where to invest in IT.
B. identify the role of IT in supporting the business.
C. define policies for data, applications, and organization of infrastructure.
D. identify IT services that currently support the enterprise’s capability.
Selected Answer: B
———————————————————————-
Question #: 80
Topic #: 1
Which of the following is the PRIMARY role of the CEO in IT governance?
A. Evaluating return on investment
B. Managing the risk governance process
C. Establishing enterprise strategic goals
D. Nominating IT steering committee membership
Selected Answer: C
