An enterprise considers implementing a system that uses a technology that is not in line with its IT
strategy. The business case indicates significant benefit to the enterprise. Which of the following is
the BEST way to manage this situation within an IT governance framework?
D
Explanation:
An architecture exception process is a mechanism to handle requests for deviations from the
established IT architecture policies or standards. It allows the enterprise to evaluate the business
case, risks, benefits, and alternatives of implementing a system that uses a technology that is not in
line with its IT strategy. It also enables the enterprise to define the conditions, limitations, and
timelines for granting or denying the exception. According to one of the web search results [1],
“requests for exceptions to any architectural policy or standard use this process” and “the decision
may include a deadline for removing the need for the exception, constraints on future projects, or
similar terms.” Addressing the situation as part of an architecture exception process is the best way
to manage it within an IT governance framework, as it provides a structured and transparent way to
balance the business needs and the IT alignment. Updating the IT strategy to align with the new
technology, initiating an operational change request, or rejecting based on non-alignment are not
the best ways to manage the situation within an IT governance framework. They are more likely to
be either too rigid or too reactive, and may not consider the trade-offs or implications of the
decision.
Reference:
CGEIT Review Manual 2021, Chapter 1: Governance of Enterprise IT, Section 1.4: Value Delivery, page
CGEIT Review Questions, Answers & Explanations Manual 2021, Question 9, page 82
A Matrixed Approach to Designing IT Governance - MIT Sloan Management Review [3]
Enterprise Architecture Governance | The Definitive Guide - LeanIX [4]
Architecture Review Board Exception Process - Minnesota’s State Portal [5]
Which of the following groups should approve the implementation of new technology?
A
Explanation:
An IT steering committee is a group of senior executives who are responsible for directing,
reviewing, and approving IT strategic plans, overseeing major initiatives, and allocating resources.
They are the most appropriate group to approve the implementation of new technology, as they can
ensure that it aligns with the organization’s vision, mission, goals, and objectives. They can also
evaluate the business case, risks, benefits, and alternatives of the new technology and provide
guidance and support to the IT team. According to one of the web search results [1], “the steering
committee establishes IT priorities for the business as a whole.” Reference: What is an IT Steering
Committee? – BMC Software | Blogs
A regulatory audit assessed an enterprise's main transactional application as noncompliant. In
addition to fines and required corrections, an agreement was reached to implement a set of
governance controls over IT. Accountability for these controls is BEST assigned to which of the
following?
D
Explanation:
The board of directors is ultimately responsible for the governance of IT and ensuring that IT
supports the enterprise’s objectives and strategy. The board of directors should also oversee the
implementation and monitoring of IT governance controls to ensure compliance with laws and
regulations. Reference: ISACA, CGEIT Review Manual, 7th Edition, 2019, page 17.
An enterprise can BEST assess the benefits of a new IT project through its life cycle by:
B
Explanation:
A business case is a document that outlines the rationale, objectives, benefits, costs, risks and
alternatives of a proposed IT project. A business case should be reviewed periodically throughout the
project life cycle to ensure that the project is still aligned with the enterprise’s strategy and goals,
and that the expected benefits are still achievable and realistic. A periodic review of the business
case can also help to identify any changes or issues that may affect the project’s scope, schedule,
budget or quality, and to take corrective actions accordingly. Reference: ISACA, CGEIT Review
Manual, 7th Edition, 2019, page 77. A guide to measuring benefits effectively. Cost-Benefit Analysis:
A Quick Guide with Examples and Templates.
The PRIMARY reason for an enterprise to adopt an IT governance framework is to:
A
Explanation:
IT governance is a framework that provides a formal structure for organizations to ensure that IT
investments support business objectives. The primary reason for an enterprise to adopt an
IT governance framework is to assure that IT sustains and extends the enterprise strategies and
objectives, by aligning IT with business needs, optimizing IT performance and value, managing IT
risks and resources, and measuring IT outcomes and benefits [1][2]. Reference: ISACA, CGEIT Review
Manual, 7th Edition, 2019, page 15. What Is IT Governance? Definition, Practices and Frameworks. IT
Governance: Definition, Frameworks, and Best Practices.
Which of the following is the BEST approach when reviewing the security status of a new business
acquisition?
D
Explanation:
The security status of a new business acquisition is a critical factor that can affect the value,
performance, and reputation of the acquiring company. Therefore, it is essential to conduct a
thorough IT risk assessment of the target company as part of the overall due diligence process. An IT
risk assessment can help to identify and evaluate the current and potential cybersecurity threats,
vulnerabilities, and controls in the target company’s IT environment, as well as the compliance with
relevant laws and regulations. An IT risk assessment can also help to estimate the costs and efforts
required to remediate any security gaps or issues, and to align the security policies and standards of
both parties. By integrating IT risk assessment into the due diligence process, the acquiring company
can make informed decisions about the feasibility, valuation, and integration of the new business
acquisition [1][2]. Reference: Due diligence for Mergers and Acquisitions through a cybersecurity
lens. Microsoft Security tips for mitigating risk in mergers and acquisitions.
The board of directors of an enterprise has approved a three-year IT strategic program to centralize
the core business processes of its global entities into one core system. Which of the following should
be the CIO's NEXT step?
D
Explanation:
A program roadmap is a strategic plan that outlines the vision, objectives, scope, deliverables,
milestones, dependencies, risks, and benefits of a large-scale IT program. A program roadmap can
help the CIO and other stakeholders to communicate, align, and monitor the progress and outcomes
of the program. A program roadmap is essential for a complex and long-term IT program such as
centralizing the core business processes of global entities into one core system. A program roadmap
can help to ensure that the program is aligned with the IT strategy and the business goals, that the
program has a clear and realistic scope and schedule, that the program has adequate resources and
governance, and that the program delivers the expected value and benefits [1][2][3][4]. Reference: How to
Create an IT Strategy Roadmap. Definitive Guide to Developing an IT Strategy and Roadmap. What is
an IT Roadmap?. How To Develop a Strategy Roadmap in Six Steps.
Which of the following is the MOST important driver of IT governance?
B
Explanation:
Management transparency is the most important driver of IT governance, because it enables the
alignment of IT and business goals, the accountability of IT performance and value, the
communication and collaboration among stakeholders, and the compliance with laws and
regulations. Management transparency refers to the degree to which information about IT decisions,
processes, outcomes, and risks is shared openly and honestly with relevant parties, such as the board
of directors, senior management, business units, IT staff, customers, and regulators. Management
transparency can help to build trust, confidence, and support for IT initiatives, as well as to identify
and address any issues or gaps in IT governance [1][2]. Reference: What is IT governance? A formal way
to align IT & business strategy. Definition of IT Governance (ITG) - IT Glossary | Gartner.
A global enterprise is experiencing an economic downturn and is rapidly losing market share. IT
senior management is reassessing the core activities of the business, including IT, and the associated
resource implications. Management has decided to focus on its local market and to close
international operations. A critical issue from a resource management perspective is to retain the
most capable staff. This is BEST achieved by:
A
Explanation:
Goals-based performance appraisals are a method of evaluating employees based on their
achievement of specific and measurable objectives that are aligned with the organization’s strategy
and vision. Goals-based performance appraisals can help to identify the most capable staff who have
contributed to the organization’s success, demonstrated high performance and potential, and shown
commitment and engagement. Reviewing current goals-based performance appraisals across the
enterprise can help management to retain the most capable staff regardless of their location,
compensation, or length of service [1][2]. Reference: Performance Appraisal Methods: Traditional and
Modern Methods (with example). How to Conduct a Performance Appraisal.
An IT steering committee is presented with an audit finding that new software applications are
delivered on time but consistently have unacceptable levels of defects. Which of the following would
be the BEST direction from the committee?
D
Explanation:
The quality assurance process is the set of activities that ensures that the software development
process follows the defined standards and meets the customer requirements. The quality assurance
process includes planning, designing, executing, and monitoring the tests, as well as reporting and
resolving the defects. Evaluating the quality assurance process can help to identify and improve the
root causes of software defects, such as inadequate testing techniques, tools, or resources, poor
communication or collaboration among stakeholders, or lack of quality control or feedback
mechanisms [1][2][3]. Reference: QA Process: A Complete Guide to QA Stages, Steps, & Tools. What is
Software Quality Assurance (SQA): A Guide for Beginners. Software Quality Assurance | Components
| Standards | Techniques - EDUCBA.