Which projects should be included when reporting on performance measurements related to an EGIT implementation program plan?
Correct Answer: C
Explanation The performance measurements are the indicators that measure the progress and outcomes of the EGIT implementation program plan against the predefined success criteria such as key performance indicators (KPIs), key goal indicators (KGIs), key risk indicators (KRIs), etc. The performance measurements help to evaluate the effectiveness, efficiency, and value of the EGIT implementation program plan, as well as to identify and address any issues, risks, or gaps that may arise during the execution of the program. The projects that should be included when reporting on performance measurements related to an EGIT implementation program plan are all projects deemed appropriate by IT management. IT management is the function that is responsible for planning, organizing, directing, controlling, and monitoring the information and technology activities in an enterprise. IT management is also responsible for selecting, prioritizing, balancing, monitoring, evaluating, and optimizing information and technology investments and initiatives that support business strategy and objectives. IT management has the authority and discretion to decide which projects are relevant and important for reporting on performance measurements related to an EGIT implementation program plan, based on factors such as project scope, size, complexity, duration, cost, risk, interdependencies, alignment, value, etc. By including all projects deemed appropriate by IT management when reporting on performance measurements related to an EGIT implementation program plan, the enterprise can ensure that the report covers the most significant and critical aspects of the program, and that it provides a comprehensive and accurate picture of the program status and performance12 1: COBIT 2019 Implementation Guide: page 51-52 2: COBIT 2019 Framework: Governance and Management Objectives: page 20-21
Question 37
l&T-related issues should be considered as part of the design factors for a governance system in order to manage:
Correct Answer: C
Explanation IT-related issues should be considered as part of the design factors for a governance system in order to manage risks that have a high impact. Design factors are the characteristics of the enterprise that influence the design and operation of a governance system, such as size, industry, culture, strategy, etc. IT-related issues are one of the 11 design factors defined in COBIT 2019, and they refer to the specific challenges or opportunities that arise from the use of information and technology in the enterprise, such as cybersecurity, digital transformation, innovation, etc. These issues may pose significant risks to the enterprise's objectives, performance, or reputation, and therefore need to be addressed by the governance system. The answer is based on the COBIT 2019 Design Guide1, page 15. References: 1: COBIT 2019 Design Guide | Digital | English.
Question 38
Which of the following metrics would BEST enable an enterprise to evaluate an alignment goal specifically related to security of information and privacy?
Correct Answer: A
Question 39
A CIO of a global enterprise has been mandated by the board to change the IT organizational structure from a divisional model to a centralized model and adopt outsourcing as required. The CIO identifies specific design factors that increase the importance of certain governance and management objectives. Which of the following is MOST likely to increase as a result?
Correct Answer: B
Explanation The capability levels are a measure of how well an enterprise performs its information and technology governance and management processes in terms of process attributes such as process performance, process definition, process deployment, process measurement, process control, process optimization etc. The capability levels range from 0 (incomplete) to 5 (optimizing), indicating the degree of maturity and effectiveness of an enterprise's information and technology governance and management processes. The capability levels are most likely to increase as a result of identifying specific design factors that increase the importance of certain governance and management objectives. The design factors are the characteristics or conditions that influence how an enterprise designs and implements its information and technology governance system using COBIT 2019. The design factors include aspects such as enterprise strategy archetype; enterprise goals; IT-related goals; risk profile; IT deployment; threat landscape; compliance requirement; operating environment; size of enterprise; culture; stakeholders; etc. By identifying specific design factors that increase the importance of certain governance and management objectives, an enterprise can tailor its information and technology governance system to suit its context and needs. This will also help to improve its capability levels for those governance and management objectives that are prioritized by the design factors. For example, if an enterprise identifies that its IT deployment design factor is cloud-based or hybrid-based, it may increase the importance of certain governance and management objectives such as managed availability and capacity (BAI04), managed service agreements (APO09), managed security services (DSS05), etc., which are relevant for managing cloud-based or hybrid-based IT solutions. By tailoring its information and technology governance system to address those governance and management objectives more effectively, the enterprise can also increase its capability levels for those processes.References: : COBIT 2019 Design Guide: page 33-48 : COBIT 2019 Process Assessment Model: page 11-13
Question 40
One year after IT governance is implemented, what KEY question should be asked and evaluated?
Correct Answer: C
Explanation The key question that should be asked and evaluated one year after IT governance is implemented is whether the enterprise has achieved expected benefits. Benefits are the positive outcomes or value that are derived from a project or program. Benefits can be tangible (such as increased revenue, reduced costs, improved efficiency, etc.) or intangible (such as enhanced reputation, customer satisfaction, employee engagement, etc.). Benefits realization is the process of planning, managing, measuring, and reporting the benefits that are delivered by a project or program. Asking and evaluating whether the enterprise has achieved expected benefits one year after IT governance is implemented is important because it helps to determine whether the IT governance system is effective in creating value for the enterprise and its stakeholders.12 References: COBIT 2019 Framework: Introduction and Methodology, COBIT 2019 Implementation Guide: Implementing an Information and Technology Governance Solution
