CGEIT Certified in the Governance of Enterprise IT – Question181

An enterprise developed a new e-business web application designed to broaden its sales base. Internal project management guidelines were followed, but indicators for key goals were not established. Which of the following should be the MAIN concern of the IT steering committee?

A. It may be difficult to align IT objectives with performance.
B. Benefits realization may not be properly assessed.
C. Resources may not be optimally utilized.
D. Return on investment may be difficult to evaluate.

Correct Answer: B

CGEIT Certified in the Governance of Enterprise IT – Question180

A global enterprise is experiencing an economic downturn and is rapidly losing market share. IT senior management is reassessing the core activities of the business, including IT, and the associated resource implications. Management has decided to focus on its local market and to close international operations. A critical issue from a resource management perspective is to retain the most capable staff. This is BEST achieved by:

A. reviewing current goals-based performance appraisals across the enterprise.
B. retaining capable staff exclusively from the local market.
C. ranking employees across the enterprise based on length of service.
D. ranking employees across the enterprise based on their compensation.

Correct Answer: C

CGEIT Certified in the Governance of Enterprise IT – Question178

When designing an IT governance framework, the PRIMARY consideration should be to:

A. comply with external monitoring standards.
B. ensure stakeholders receive value from IT.
C. require cost-benefit analysis before implementing controls.
D. benchmark controls against industry best practices.

Correct Answer: C

CGEIT Certified in the Governance of Enterprise IT – Question177

An enterprise learns that a new privacy regulation was recently published to protect customers in the event of a breach involving personally identifiable information (PII). The IT risk management team’s FIRST course of action should be to:

A. evaluate the risk appetite for the new regulation.
B. determine if the new regulation introduces new risk.
C. assign a risk owner for the new regulation.
D. define the risk tolerance for the new regulation.

Correct Answer: C

CGEIT Certified in the Governance of Enterprise IT – Question176

Senior management is concerned about an increase in cybersecurity risk to the enterprise. Which of the following would be MOST helpful in establishing an early warning system to determine which potential threats should be escalated to senior management?

A. Agreed-upon risk thresholds
B. A risk appetite statement
C. Key performance indicators (KPIs)
D. Patch management logs

Correct Answer: A

CGEIT Certified in the Governance of Enterprise IT – Question174

Which of the following is a CIO’s BEST approach to ensure IT executes against an approved strategy?

A. Request IT senior leaders to collectively plan tactics for execution.
B. Ask project management to define the IT activities for accomplishing the strategy.
C. Provide specific direction for execution of the tasks across IT.
D. Have IT leaders independently develop goals for their teams.

Correct Answer: B

CGEIT Certified in the Governance of Enterprise IT – Question173

An enterprise has a zero-tolerance policy regarding security. This policy is causing a large number of email attachments to be blocked and is a disruption to the enterprise. Which of the following should be the FIRST governance step to address this email issue?

A. Obtain senior management input based on identified risk.
B. Direct the development of an email usage policy.
C. Recommend business sign-off on the zero-tolerance policy.
D. Introduce an exception process.

Correct Answer: B

CGEIT Certified in the Governance of Enterprise IT – Question172

To help ensure that an IT dashboard effectively conveys the current state of IT to senior management, which of the following is MOST important to establish?

A. Key performance indicators (KPIs)
B. Emerging threat analysis reporting
C. An IT risk awareness program
D. IT spend against budget

Correct Answer: A