Within a tailored enterprise governance system, a sourcing model for information and technology is associated with:
Correct Answer: A
Explanation: A tailored enterprise governance system is a governance system that is customized to suit the specific needs and context of an enterprise. A sourcing model for information and technology is one of the design factors that influence the design and implementation of a tailored governance system. A sourcing model describes how the enterprise obtains and delivers I&T services, such as in-house, outsourced, cloud-based, etc. The sourcing model affects the governance objectives, components, and enablers that are relevant and applicable for the enterprise. [1][2]
References: [1] COBIT 2019 Framework: Introduction and Methodology; [2] COBIT 2019 Design Guide: Designing an Information and Technology Governance Solution
Question 177
Which of the following would be an appropriate metric associated with an enterprise goal of "Business service continuity and availability"?
In Phase 1 of the COBIT implementation approach, which of the following should be used to outline executive management's desire for change within the enterprise?
Correct Answer: C
Phase 1 of the COBIT implementation approach focuses on recognizing the need for change and initiating the program. A critical component of this phase is articulating executive management's desire and rationale for change within the enterprise. The most effective tool for this purpose is the development of a "Business case."
* Business Case: This document serves as a formal justification for undertaking a change initiative. It outlines the strategic alignment of the proposed change with enterprise goals, the expected benefits, costs, potential risks, and the overall impact on the organization. By presenting a well-structured business case, executive management can communicate the necessity and anticipated value of the change, securing stakeholder buy-in and guiding decision-making processes.
Option A, "Balanced scorecard," is a strategic planning and management tool used to monitor organizational performance against strategic goals. While valuable for performance measurement, it is not specifically designed to convey the impetus for change.
Option B, "Risk assessment," involves identifying and evaluating potential risks that could impact the organization. Although understanding risks is essential, a risk assessment does not comprehensively capture the executive management's motivation and justification for change.
Therefore, in Phase 1 of the COBIT implementation approach, a "Business case" is the appropriate instrument to outline executive management's desire for change within the enterprise.
References: COBIT 2019 Implementation Guide: Implementing and Optimizing an Information and Technology Governance Solution, ISACA, 2018. COBIT 2019 Framework: Introduction and Methodology, ISACA, 2018.
Question 179
When tailoring a governance system, what would be the MOST appropriate level of threat landscape for an enterprise in the health care sector?
Correct Answer: C
According to the COBIT 2019 Study Manual from ISACA, the most appropriate level of threat landscape for an enterprise in the health care sector is a high level. This is due to the sensitive nature of the data and services provided by health care entities, which means organizations in this sector must take extra measures to ensure the security of their systems and data. For organizations in the health care sector, a high level of threat landscape should be adopted when tailoring a governance system to meet the specific security requirements of the organization.
Question 180
Which of the following is a KEY consideration when determining the initial scope of a governance system?
Correct Answer: A
The initial scope of a governance system is the extent and boundaries of the governance system that an enterprise intends to design and implement using COBIT 2019. The initial scope helps to define the focus and direction of the governance system design process, as well as the resources and efforts required for its implementation. One of the key considerations when determining the initial scope of a governance system is the compliance requirements faced by the enterprise. The compliance requirements are the laws, regulations, standards, guidelines, contracts, or agreements that an enterprise must comply with regarding its information and technology activities. The compliance requirements influence the level of control and assurance that an enterprise needs to demonstrate its adherence to the applicable rules and obligations. By considering the compliance requirements when determining the initial scope of a governance system, an enterprise can ensure that its governance system is appropriate for its context and objectives, and that it can effectively manage the potential impacts of non-compliance on its reputation, performance, value, and stakeholder trust.
References: COBIT 2019 Design Guide, pages 47-48; COBIT 2019 Design Guide, pages 53-54