Free Access to ISACA.CGEIT.v2024-05-21.q447 with Valid Practice Test (Page 58)

Question 281

An enterprise has made the strategic decision to reduce operating costs for the next year and is taking advantage of cost reductions offered by an external cloud service provider. Which of the following should be the IT steering committee's PRIMARY concern?

A.Revising the business $ balanced store card
B.Updating the business risk profile
C.Changing the IT steering committee charter
D.Calculating the cost of the current solution

Question 282

An airline wants to launch a new program involving the use of artificial intelligence (Al) and machine learning the mam objective of the program is to use customer behavior to determine new routes and markets Which of the following should be done NEXT?

A.Consult with the enterprise privacy function
B.Define the critical success factors (CSFs)
C.Present the proposal to the IT strategy committee
D.Perform a business impact analysis (BIA)

Question 283

An enterprise has decided to use third-party software for a business process which is hosted and supported by the same third party. The BEST way to provide quality of service oversight would be to establish a process:

A.for robust change management.
B.for periodic service provider audits.
C.for enterprise architecture (EA) updates.
D.to qualify service providers.

Correct Answer: B

A periodic service provider audit is a process of conducting an independent and objective assessment of the service provider's performance, quality, compliance, and security in relation to the agreed service level agreement (SLA) and the enterprise's expectations and requirements. A periodic service provider audit can help provide quality of service oversight by:
* Verifying and validating the service provider's claims and credentials, and ensuring that they meet the contractual obligations and standards
* Identifying and evaluating the strengths, weaknesses, opportunities, and threats of the service provider's services, processes, and controls
* Detecting and reporting any issues, gaps, or risks that may affect the quality of service delivery or the enterprise's objectives and value
* Recommending and implementing corrective and preventive actions to address and resolve the issues, gaps, or risks
* Monitoring and measuring the outcomes and effectiveness of the corrective and preventive actions, and ensuring their alignment with the SLA References:
* According to the CGEIT Review Manual 20221, "Service provider audits are a key mechanism for ensuring that service providers are meeting their contractual obligations and delivering value to the enterprise. Service provider audits should be conducted periodically or as needed to assess the performance, quality, compliance, and security of the service provider's services, processes, and controls."
* According to the ISACA article on IT Outsourcing: Audit Considerations2, "IT outsourcing audit is a process of examining and evaluating the IT outsourcing arrangements between an enterprise and its service providers. IT outsourcing audit aims to provide assurance that the IT outsourcing arrangements are aligned with the enterprise's strategy, objectives, and risk appetite; that the service providers are delivering the expected services in accordance with the SLAs; that the service providers are complying with the applicable laws, regulations, and standards; and that the service providers are managing and mitigating the IT outsourcing risks effectively."
* According to the PwC article on Service Provider Audits3, "Service provider audits are an essential tool for organizations to gain insight into their service providers' operations, controls, risks, and compliance status. Service provider audits can help organizations ensure that their service providers are meeting their expectations and obligations; identify any areas of improvement or concern; enhance their relationship and communication with their service providers; and optimize their IT outsourcing strategy."

Question 284

Which of the following are the objectives of Service Level Management (SLM)?
1.To negotiate SLAs with the customers and to design services in accordance with the agreed service level targets.
2.Defining, documenting, and agreeing the level of IT Services to be provided.
3.Identifying possible future markets that the Service Provider could operate in.
4.Monitoring, measuring, and reporting the actual level of services provided.
5.Monitoring and improving customer satisfaction.

A.1 and 2 only
B.1, 2, 3, 4, and 5
C.1, 2, and 3 only
D.1, 2, 3, and 5 only
E.1, 2, 4, and 5 only

Question 285

You are the project manager for your organization. You are preparing for the quantitative risk analysis. Mark, a project team member, wants to know why you need to do quantitative risk analysis when you just completed qualitative risk analysis. Which one of the following statements best defines what quantitative risk analysis is?

A.Quantitative risk analysis is the process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact.
B.Quantitative risk analysis is the planning and quantification of risk responses based on probability and impact of each risk event.
C.Quantitative risk analysis is the review of the risk events with the high probability and the highest impact on the project objectives.
D.Quantitative risk analysis is the process of numerically analyzing the effect of identified risks on overall project objectives.

Question 281

Question 282

Question 283

Question 284

Question 285

Download PDF File