A newly established IT steering committee is concerned about whether a system is meeting
availability objectives. Which of the following will provide the BEST information to make an
assessment?
C
Explanation:
Performance indicators are quantitative measures that can be used to evaluate the availability of a
system or service. They can include metrics such as uptime, downtime, response time, availability
percentage, etc. Balanced scorecard, capability maturity levels, and critical success factors are not
directly related to availability objectives, but rather to strategic alignment, process improvement,
and goal achievement respectively. Reference := CGEIT Exam Content Outline, Domain 1:
Governance of Enterprise IT, Subdomain A: Governance Framework, Task 5: Establish and monitor
key performance indicators (KPIs) and key goal indicators (KGIs) that are aligned with strategic
objectives.
Which of the following is the BEST method to monitor IT governance effectiveness?
B
Explanation:
A balanced scorecard is a strategic management tool that measures and monitors the performance
of an organization against its vision, mission, goals, and objectives. It uses four perspectives:
financial, customer, internal process, and learning and growth. A balanced scorecard can help
evaluate the effectiveness of IT governance by aligning IT activities with business strategies,
assessing IT value delivery, identifying IT strengths and weaknesses, and facilitating continuous
improvement. Reference := CGEIT Exam Content Outline, Domain 1: Governance of Enterprise IT,
Subdomain B: Strategic Management, Task 3: Establish and maintain a framework for the governance
of enterprise IT to enable the achievement of enterprise objectives.
An IT audit reveals inconsistent maintenance of data privacy in enterprise systems primarily due to a
lack of data sensitivity categorizations. Once the categorizations are defined, what is the BEST long-
term strategic response by IT governance to address this problem?
A
Explanation:
Data classification is the process of categorizing data according to its sensitivity, such as public,
confidential, or restricted. Data classification helps ensure that data privacy is maintained by applying
appropriate controls and policies to different types of data. By standardizing data classification
processes throughout the enterprise, IT governance can ensure consistent and effective data privacy
practices across all systems and departments. Incorporating enterprise privacy categorizations into
contracts, requiring business impact analyses for enterprise systems, and reassessing the data
governance policy are not long-term strategic responses, but rather tactical or operational actions
that may support data privacy. Reference := What is Data Classification?, Data Governance Policy:
Examples & Templates, What is data governance?
A new and expanding enterprise has recently received a report indicating 90% of its data has been
collected in just the last six months, triggering data breach and privacy concerns. What should be the
IT steering committee's FIRST course of action to ensure new data is managed effectively?
D
Explanation:
An information governance framework is the structure that provides a holistic overview of the
influences that inform how an organisation creates and manages its enterprise-wide information
assets (records, information and data). It defines the roles, responsibilities, policies, standards, and
processes for ensuring effective and secure information management. If a new and expanding
enterprise has collected a large amount of data in a short period of time, it may face data breach and
privacy risks if it does not have a robust and comprehensive information governance framework in
place. Therefore, the IT steering committee’s first course of action should be to assess the current
state of the information governance framework, identify any gaps or weaknesses, and implement
improvements or changes as needed. This will help the enterprise to protect and preserve its
information assets, comply with legal and regulatory requirements, and enable ethical and efficient
use of information. Mitigating and tracking data-related issues and risks, modifying legal and
regulatory data requirements, and defining data protection and privacy practices are important
actions, but they are not the first course of action. They are more likely to be part of the
implementation or improvement of the information governance framework after it has been
assessed. Reference := Establishing an information governance framework
An enterprise is planning to replace multiple enterprise resource planning (ERP) systems at various
regions with one company-wide ERP system. The main objective of this change is to achieve
economies of scale efficiencies resulting in cost reductions. To meet this objective, what is the BEST
approach in the planning phase of the project?
B
Explanation:
One of the main benefits of ERP systems is that they can integrate and streamline various business
processes across an enterprise, such as accounting, inventory, sales, human resources, etc. However,
this also means that different regions or departments may have to adopt common or standardized
processes that are supported by the ERP system, rather than using their own customized or localized
ones. This can reduce the complexity and cost of implementing and maintaining the ERP system, as
well as improve data quality and consistency. According to one of the web search results, “it’s
important to always keep those processes at the core of your implementation plan” and “an ERP
implementation is an opportunity to introduce a better process, not simply to automate an existing
inefficient one.” Another web search result states that “standardizing ERP processes across regions”
is one of the best practices for a successful ERP implementation. Therefore, the best approach in the
planning phase of the project is to minimize customization by standardizing ERP processes across
regions. Reference := 9 Key ERP Implementation Best Practices | NetSuite, 6 Best Practices for a
Successful ERP Implementation
While monitoring an enterprise's IT projects portfolio, it is discovered that a project is 75% complete,
but all budgeted resources have been expended. Which of the following is the MOST important task
to perform?
C
Explanation:
A business case is a document that justifies the initiation and continuation of a project based on its
expected benefits, costs, risks, and alignment with the strategic objectives of the organization. If a
project is experiencing a cost overrun, meaning that it has exceeded its initial budget, it is important
to re-evaluate the business case to determine whether the project is still viable and worth pursuing.
Re-evaluating the business case can help to identify the root causes of the cost overrun, assess the
impact of the overrun on the project’s value proposition, and decide whether to continue, modify, or
terminate the project. Reviewing the IT investments, reorganizing the IT projects portfolio, and
reviewing the IT governance structure are not the most important tasks to perform in this situation.
They are more likely to be part of the portfolio management or governance processes that should be
done regularly or periodically, not in response to a specific project issue. Moreover, they do not
directly address the problem of the cost overrun or its implications for the project’s feasibility and
desirability. Reference := What is a Business Case?, How to Write a Business Case, Project Cost
Overruns – Reasons, How to Prevent and Manage
Six months ago, an enterprise's CIO reorganized IT to improve service delivery to the business. Which
of the following would BEST demonstrate the effectiveness of the reorganization?
B
Explanation:
A balanced scorecard is a strategic management tool that measures and monitors the performance
of an organization against its vision, mission, goals, and objectives. It uses four perspectives:
financial, customer, internal process, and learning and growth. A balanced scorecard can help
demonstrate the effectiveness of the IT reorganization by showing how the IT function has improved
in terms of delivering value to the business, satisfying customer needs and expectations, optimizing
internal processes and workflows, and enhancing the skills and capabilities of the IT staff. According
to one of the web search results, “a balanced scorecard can help evaluate the effectiveness of IT
governance by aligning IT activities with business strategies, assessing IT value delivery, identifying IT
strengths and weaknesses, and facilitating continuous improvement.” The number of help desk calls,
a survey of IT staff, and IT cost reduction are not the best indicators of the effectiveness of the IT
reorganization. They are more likely to reflect operational or tactical aspects of IT service delivery,
rather than strategic or holistic ones. They may also be influenced by other factors that are not
related to the IT reorganization, such as user behavior, staff morale, or market
conditions. Reference := Service Delivery for IT and Business | Splunk
An enterprise is evaluating a possible strategic initiative for which IT would be the main driver. There
are several risk scenarios associated with the initiative that have been identified. Which of the
following should be done FIRST to facilitate a decision?
B
Explanation:
Before deciding whether to pursue a strategic initiative, it is important to understand the potential
consequences of the risks involved. Assessing the impact of each risk means estimating how likely it
is to occur and how severe its effects would be on the enterprise’s objectives, performance,
reputation, or resources. This can help to prioritize the most critical risks and compare them with the
expected benefits of the initiative. According to one of the web search results, “the impact
assessment is a key element of any risk management process. It helps to evaluate the significance of
each risk and determine the appropriate response strategy.” Defining the risk mitigation strategy,
establishing a baseline for each initiative, and selecting qualified personnel to manage the project
are important steps, but they are not the first ones. They are more likely to be part of the
implementation or execution phase of the initiative, after it has been approved and
funded. Reference := Risk Impact Assessment and Prioritization
Enterprise IT has overseen the implementation of an array of data services with overlapping
functionality leading to business inefficiencies. Which of the following is the MOST likely cause of this
situation?
A
Explanation:
Information architecture (IA) is the process of guiding users through the site by organising and
arranging all the relevant content in a clear, intuitive way. It also ensures consistency throughout a
product’s design by standardising labelling conventions such as menu names, link titles, and button
labels across all pages. If enterprise IT has overseen the implementation of an array of data services
with overlapping functionality, it may indicate that they have not followed a coherent and effective
IA strategy. This can lead to business inefficiencies, such as duplication of efforts, confusion among
users, and difficulty in finding and accessing information. According to one of the web search
results, “Application rationalization is a simple first step to analyze the current architecture to
determine redundant applications, overlapping functionality, and software that is not exactly
current. As more companies move into a service-oriented architecture implementation, this analysis
is a cost-effective way to ensure that the IT resources are utilized in the most efficient manner.”
Ineffective project management, an outdated service level agreement (SLA), and an incomplete cost-
benefit analysis are not the most likely causes of this situation. They are more related to the
planning, execution, and evaluation of individual projects, rather than the overall design and
organisation of information systems. Reference := What is information architecture? - UX Design
Institute, Staying Current And Supporting Systems With Overlapping Functionality
Which of the following would be the BEST way to facilitate the adoption of strong IT governance
practices throughout a multi-divisional enterprise?
D
Explanation:
Documenting and communicating key management practices across divisions is the best way to
facilitate the adoption of strong IT governance practices throughout a multi-divisional enterprise.
This can help to ensure that all divisions are aware of and aligned with the corporate IT governance
framework, policies, and standards. It can also promote collaboration, coordination, and consistency
among the divisions, as well as transparency, accountability, and trust. According to one of the web
search results, “communication is a critical success factor for IT governance implementation” and
“effective communication can help to create a shared understanding of IT governance objectives,
roles, responsibilities, and benefits among stakeholders.” Ensuring each divisional policy is consistent
with corporate policy, ensuring divisional governance fosters continuous improvement processes,
and mandating data standardization across the distributed enterprise are not the best ways to
facilitate the adoption of strong IT governance practices throughout a multi-divisional enterprise.
They are more likely to be part of the implementation or improvement of IT governance practices,
rather than the facilitation of them. They may also encounter resistance or challenges from the
divisions due to different business needs, cultures, or preferences. Reference := IT Governance
Practices For Improving Strategic And Operational …
An enterprise considers implementing a system that uses a technology that is not in line with its IT
strategy. The business case indicates significant benefit to the enterprise. Which of the following is
the BEST way to manage this situation within an IT governance framework?
D
Explanation:
An architecture exception process is a mechanism to handle requests for deviations from the
established IT architecture policies or standards. It allows the enterprise to evaluate the business
case, risks, benefits, and alternatives of implementing a system that uses a technology that is not in
line with its IT strategy. It also enables the enterprise to define the conditions, limitations, and
timelines for granting or denying the exception. According to one of the web search results,
“requests for exceptions to any architectural policy or standard use this process” and “the decision
may include a deadline for removing the need for the exception, constraints on future projects, or
similar terms.” Addressing the situation as part of an architecture exception process is the best way
to manage it within an IT governance framework, as it provides a structured and transparent way to
balance the business needs and the IT alignment. Updating the IT strategy to align with the new
technology, initiating an operational change request, or rejecting based on non-alignment are not
the best ways to manage the situation within an IT governance framework. They are more likely to
be either too rigid or too reactive, and may not consider the trade-offs or implications of the
decision.
Reference:
CGEIT Review Manual 2021, Chapter 1: Governance of Enterprise IT, Section 1.4: Value Delivery, page
CGEIT Review Questions, Answers & Explanations Manual 2021, Question 9, page 82
A Matrixed Approach to Designing IT Governance - MIT Sloan Management Review
Enterprise Architecture Governance | The Definitive Guide - LeanIX
Architecture Review Board Exception Process - Minnesota’s State Portal
Which of the following groups should approve the implementation of new technology?
A
Explanation:
An IT steering committee is a group of senior executives who are responsible for directing,
reviewing, and approving IT strategic plans, overseeing major initiatives, and allocating resources.
They are the most appropriate group to approve the implementation of new technology, as they can
ensure that it aligns with the organization’s vision, mission, goals, and objectives. They can also
evaluate the business case, risks, benefits, and alternatives of the new technology and provide
guidance and support to the IT team. According to one of the web search results, “the steering
committee establishes IT priorities for the business as a whole.” Reference := What is an IT Steering
Committee? – BMC Software | Blogs
A regulatory audit assessed an enterprise's main transactional application as noncompliant. In
addition to fines and required corrections, an agreement was reached to implement a set of
governance controls over IT. Accountability for these controls is BEST assigned to which of the
following?
D
Explanation:
The board of directors is ultimately responsible for the governance of IT and ensuring that IT
supports the enterprise’s objectives and strategy. The board of directors should also oversee the
implementation and monitoring of IT governance controls to ensure compliance with laws and
regulations. Reference: ISACA, CGEIT Review Manual, 7th Edition, 2019, page 17.
An enterprise can BEST assess the benefits of a new IT project through its life cycle by:
B
Explanation:
A business case is a document that outlines the rationale, objectives, benefits, costs, risks and
alternatives of a proposed IT project. A business case should be reviewed periodically throughout the
project life cycle to ensure that the project is still aligned with the enterprise’s strategy and goals,
and that the expected benefits are still achievable and realistic. A periodic review of the business
case can also help to identify any changes or issues that may affect the project’s scope, schedule,
budget or quality, and to take corrective actions accordingly. Reference: ISACA, CGEIT Review
Manual, 7th Edition, 2019, page 77. A guide to measuring benefits effectively. Cost-Benefit Analysis:
A Quick Guide with Examples and Templates.
The PRIMARY reason for an enterprise to adopt an IT governance framework is to:
A
Explanation:
IT governance is a framework that provides a formal structure for organizations to ensure that IT
investments support business objectives. The primary reason for an enterprise to adopt an
IT governance framework is to assure that IT sustains and extends the enterprise strategies and
objectives, by aligning IT with business needs, optimizing IT performance and value, managing IT
risks and resources, and measuring IT outcomes and benefits. Reference: ISACA, CGEIT Review
Manual, 7th Edition, 2019, page 15. What Is IT Governance? Definition, Practices and Frameworks. IT
Governance: Definition, Frameworks, and Best Practices.