The PRIMARY objective of promoting business ethics within the IT enterprise should be to ensure:
Correct Answer: A
Business ethics is the application of ethical values to business behaviour. It encompasses the people, processes, and technologies required to manage and protect data assets [1]. Promoting business ethics within the IT enterprise should be the primary objective because it ensures trust among internal and external stakeholders, such as customers, employees, suppliers, regulators, and society [2][3][4]. Trust is important because it makes cooperation possible, enhances performance, fosters engagement, and creates long-term value [2][1].

While the other options are also desirable outcomes of business ethics, they are not the primary objective. Employees acting more responsibly, corporate social responsibility, and legal and regulatory compliance are all consequences of trust-building rather than the main goal.

References:
* 2: https://www.ibm.com/topics/data-governance
* 1: https://www.cio.com/article/202183/what-is-data-governance-a-best-practices-framework-for-managing-d
* 3: https://www.sailpoint.com/identity-library/enterprise-data-governance/
* 4: https://atlan.com/enterprise-data-governance/
Question 177
Which of the following areas addresses the safeguarding of IT assets, disaster recovery and continuity of operations?
Correct Answer: B
Section: Volume C
Question 178
Communicating which of the following to staff BEST demonstrates senior management's commitment to IT governance?
Correct Answer: C
Communicating the objectives and responsibilities to staff is the BEST way to demonstrate senior management's commitment to IT governance. IT governance is the process of ensuring that IT supports the achievement of the organization's goals and objectives, and delivers value to its stakeholders [1]. IT governance involves aligning the IT strategy, policies, processes, and resources with the business strategy, needs, and expectations [2]. However, implementing and sustaining IT governance requires a significant amount of change in the organization, such as introducing new technologies, standards, roles, and responsibilities [3]. Therefore, communicating the objectives and responsibilities to staff is essential for demonstrating senior management's commitment to IT governance, as it can:
* Provide the direction and mandate for the IT governance initiative on an ongoing basis
* Communicate the vision, mission, goals, and objectives of the IT function to all stakeholders
* Allocate the necessary resources and capabilities to enable the IT governance processes and activities
* Monitor and evaluate the performance and outcomes of the IT function and provide feedback and recognition
* Foster a positive and collaborative culture that values IT as a strategic partner and enabler of the business

The other options are not as good as option C. While it is important to communicate the legal and regulatory requirements, the approved IT investment opportunities, and the need for enterprise architecture (EA), these are not sufficient to demonstrate senior management's commitment to IT governance. They are rather means to achieve the end goal of implementing and sustaining IT governance. They do not necessarily reflect the level of commitment, involvement, and support from the management toward IT governance.

References:
* 2: What is IT Governance? Definition & Examples | ASQ
* 1: What is IT governance? A formal way to align IT & business strategy
* 3: How to Involve Senior Management in the Information Security Governance ...
Question 179
Which of the following components of the COSO ERM framework encompasses the nature of an enterprise, and sets the basis for how risk is viewed and addressed by an organization's people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which it operates?
Correct Answer: C
Question 180
Which of the following is the PRIMARY purpose of an effective set of key risk indicators (KRIs)?
Correct Answer: A
The PRIMARY purpose of an effective set of key risk indicators (KRIs) is to identify possible future adverse impacts on the enterprise. KRIs are metrics or indicators used by organizations to identify, assess, and monitor potential risks. KRIs show how risky a decision, activity, strategy, or plan may be for a business or company. KRIs can be used to monitor operational, technological, financial and staff processes, such as security breaches, economic downturn and staff turnover rate. KRIs are like alarms that alert businesses of changes in the level of risk exposure [1]. By identifying possible future adverse impacts on the enterprise, KRIs can help to:
* Prevent or mitigate the negative consequences of risks, such as financial loss, operational disruption, reputational damage, legal liability, etc.
* Enhance the decision-making and planning processes by providing relevant and timely information on risks
* Align the risk management activities with the business objectives and expectations
* Communicate and report the risk status and performance to stakeholders and regulators

Therefore, identifying possible future adverse impacts on the enterprise is the primary purpose of an effective set of KRIs.

References:
* 1: Key Risk Indicators: Examples & Definitions - SolveXia