Which of the following should be the MOST essential consideration when outsourcing IT services?
Correct Answer: A
Outsourcing IT services requires a clear distinction between core and non-core processes to ensure that strategic capabilities are retained in-house while non-core activities are outsourced. The CGEIT Review Manual 8th Edition highlights that identifying core and non-core processes is the most essential consideration for outsourcing decisions.
Extract from CGEIT Review Manual 8th Edition (Domain 5: Benefits Realization): "The most critical consideration in outsourcing IT services is identifying core and non-core business processes. Core processes, which provide competitive advantage, should typically be retained, while non-core processes can be outsourced to improve efficiency and focus on strategic priorities." (Approximate reference: Domain 5, Section on Outsourcing Strategy)
Identification of core and non-core business processes (option A) ensures that outsourcing aligns with the enterprise's strategic goals and avoids compromising critical capabilities.
Why not the other options?
* B. Compliance with enterprise architecture (EA): EA compliance is important but secondary to determining what processes should be outsourced.
* C. Alignment with existing human resources (HR) policies and practices: HR alignment is operational and less critical than strategic process identification.
* D. Adoption of a diverse vendor selection process: Vendor selection follows the decision to outsource and is not the primary consideration.
References: ISACA CGEIT Review Manual 8th Edition, Domain 5: Benefits Realization, Section on Outsourcing and Core Competencies. ISACA CGEIT Study Guide, Chapter on Strategic Outsourcing.
Question 2
Which of the following is NOT a sub-process of Service Portfolio Management?
Correct Answer: B
Question 3
An enterprise is trying to increase the maturity of its IT process from being ad hoc to being repeatable. Which of the following is the PRIMARY benefit of this change?
Correct Answer: D
Increasing the maturity of an IT process from being ad hoc to being repeatable means that the process is documented and followed consistently, resulting in more predictable and reliable outcomes. According to the capability maturity model for the IT governance process, a repeatable level indicates that "required outcomes are more frequently achieved".
Reference: CGEIT Domain 1: Framework for the Governance of Enterprise IT
Question 4
Which of the following is the MOST important consideration when integrating a new vendor with an enterprise resource planning (ERP) system?
Correct Answer: B
A vendor risk assessment is the most important consideration when integrating a new vendor with an ERP system, because it helps to identify and evaluate the potential risks or hazards associated with the vendor's operations and products and their impact on the organization. A vendor risk assessment can cover aspects such as security, compliance, quality, reliability, performance, and contingency plans. By conducting a vendor risk assessment, the organization can mitigate the risks and ensure a smooth and secure integration with the ERP system.
The other options are not as important as a vendor risk assessment, because they are either dependent on or secondary to it. IT senior management selects the vendor based on the results of the vendor risk assessment and other criteria. ERP data mapping is approved by the enterprise architect after the vendor risk assessment confirms that the vendor's data is compatible and consistent with the ERP system. Procurement provides the terms of the contract after the vendor risk assessment validates that the vendor meets the organizational standards and obligations.
References: Guide to Vendor Risk Assessment, 10 Risk Assessment Factors for ERP System Integration Projects, Ensuring Vendor Compliance and Third-Party Risk Mitigation
Question 5
A new and expanding enterprise has recently received a report indicating 90% of its data has been collected in just the last six months, triggering data breach and privacy concerns. What should be the IT steering committee's FIRST course of action to ensure new data is managed effectively?
Correct Answer: D
An information governance framework is the structure that provides a holistic overview of the influences that inform how an organisation creates and manages its enterprise-wide information assets (records, information and data). It defines the roles, responsibilities, policies, standards, and processes for ensuring effective and secure information management. If a new and expanding enterprise has collected a large amount of data in a short period of time, it may face data breach and privacy risks if it does not have a robust and comprehensive information governance framework in place. Therefore, the IT steering committee's first course of action should be to assess the current state of the information governance framework, identify any gaps or weaknesses, and implement improvements or changes as needed. This will help the enterprise to protect and preserve its information assets, comply with legal and regulatory requirements, and enable ethical and efficient use of information.
Mitigating and tracking data-related issues and risks, modifying legal and regulatory data requirements, and defining data protection and privacy practices are important actions, but they are not the first course of action. They are more likely to be part of the implementation or improvement of the information governance framework after it has been assessed.
Reference: Establishing an information governance framework