An enterprise has committed to the implementation of a new IT governance model. The BEST way to begin this implementation is to:
Correct Answer: C
The first step in implementing a new IT governance model is to identify the role of IT in supporting the business, which means clarifying the vision, mission, goals, and strategies of the enterprise and how IT can enable and align with them. This step helps to establish the businessvalue and direction of IT, as well as the expectations and responsibilities of the stakeholders involved. It also helps to define the scope and boundaries of IT governance, and to identify the key issues and challenges that need to be addressed. Identifying the role of IT in supporting the business is a prerequisite for the other steps, such as identifying IT services, defining policies, and prioritizing investments, which are based on the business needs and objectives. References: CGEIT Exam Content Outline | ISACA1, CGEIT Review Manual (Digital Version), 5 Steps to Create a Governance Model to Become an IT Genius in Healthcare2
Question 27
An enterprise has committed to the implementation of a new IT governance model. The BEST way to begin this implementation is to:
Correct Answer: C
The first step in implementing a new IT governance model is to identify the role of IT in supporting the business, which means clarifying the vision, mission, goals, and strategies of the enterprise and how IT can enable and align with them. This step helps to establish the business value and direction of IT, as well as the expectations and responsibilities of the stakeholders involved. It also helps to define the scope and boundaries of IT governance, and to identify the key issues and challenges that need to be addressed. Identifying the role of IT in supporting the business is a prerequisite for the other steps, such as identifying IT services, defining policies, and prioritizing investments, which are based on the business needs and objectives. Reference: CGEIT Exam Content Outline | ISACA1, CGEIT Review Manual (Digital Version), 5 Steps to Create a Governance Model to Become an IT Genius in Healthcare2
Question 28
Which of the following provides the BEST evidence of an IT risk-aware culture across an enterprise?
Correct Answer: A
An IT risk-aware culture is one that promotes a shared understanding of risk and supports the organization's strategy, business model, operational practices, and competitive advantage1. It works to strengthen the core of an organization's operations and protects customers, the brand, and the bottom line1. An IT risk-aware culture also involves the participation and collaboration of all stakeholders in identifying, assessing, and managing IT risks2. Therefore, the BEST evidence of an IT risk-aware culture across an enterprise is when business staff report identified IT risks. This indicates that the business staff are aware of the potential threats and impacts that IT risks can pose to the organization, and that they are willing and able to communicate and escalate them to the appropriate authorities3. The other options are not as good as option A. While it is important to communicate IT risks to the business, publish IT risk-related policies, and ensure the resilience of the IT infrastructure, these are not sufficient to demonstrate an IT risk-aware culture across an enterprise. They are rather means to achieve the end goal of managing and mitigating IT risks. They do not necessarily reflect the level of awareness, attitude, and behavior of the organization's employees toward risk and how risk is managed within the organization. References := Cultivating a Risk Intelligent Culture - Deloitte US1 Building an Effective Risk-Aware Culture - Magazine4 7 Steps to Create a Risk-Aware Culture | Treasury & Risk3
Question 29
An IT department outsourced application support and negotiated service level agreements (SLAs) directly with the vendor Although the vendor met the SLAs business owner expectations are not met and senior management cancels the contract This situation can be avoided in the future by:
Correct Answer: D
Assigning responsibility for vendor management is the best way to avoid the situation where the IT department outsourced application support and negotiated service level agreements (SLAs) directly with the vendor, but the business owner expectations were not met and senior management cancelled the contract. Vendor management is the process of managing the relationship with a supplier, also known as a vendor or a third party1. Vendor management involves selecting, contracting, monitoring, evaluating, and communicating with vendors to ensure that they deliver the goods and services that meet the business needs and objectives1. Assigning responsibility for vendor management helps to ensure that there is a clear and consistent governance structure, strategy, and policy for working with vendors2. It also helps to align the expectations and interests of all the stakeholders involved, such as the IT department, the business owners, and the senior management2. Assigning responsibility for vendor management also helps to avoid duplication of efforts, conflicts of interest, or gaps in oversight that could result in poor vendor performance, dissatisfaction, or risk exposure2.
Question 30
Which of the following areas tracks the project delivery, and monitors the IT services?
