Which of the following is the BEST method for determining an enterprise's current appetite for risk?

A. Assessing social media adoption
B. Evaluating the balanced scorecard
C. Reviewing recent audit findings
D. Interviewing senior management

To ensure that the process of developing a business case for IT-enabled investments continually supports benefits realization, the benefits expected from investment programs must be actively managed through:

A. the system development life cycle.
B. the economic life cycle.
C. obsolescence planning.
D. project life cycle.

Which of the following would BEST align an enterprise’s IT investments with its strategic objectives?

A. High process maturity score
B. IT budget and financial statements
C. Control self-assessment
D. Portfolio management

A business unit within an enterprise has directly contracted with a cloud service provider to process sensitive customer information. The CIO later identifies a serious risk of potential data compromise due to the vendor’s insufficient segregation of environments and lack of strong access controls. The FIRST course of action should be to:

A. immediately suspend sending of data to the cloud service provider.
B. notify internal audit of the risk.
C. discuss the risk with the vendor to determine mitigation actions.
D. inform the business process owner of the risk.

The IT program manager does not see the value of conducting risk assessments for a new major IT project. The manager is reluctant to cooperate with internal auditors and the newly formed steering committee. Midway through the project, program requirements were changed because the CEO is a friend of a vendor and wants to implement this vendor’s new technology. This decision will cause the current IT program budget to be insufficient and will be shown as overspending, After the requirement change request, the IT program manager should FIRST:

A. report the matter to internal audit as a program deviation to be reviewed.
B. obtain confirmation from the business and a decision by the steering committee.
C. align IT with the business and agree to the business request.
D. request additional funding from the business owner to cover the additional scope.

An enterprise is concerned that ongoing maintenance costs are not being considered when prioritizing IT-enabled business investments. Which of the following should be the enterprise’s FIRST course of action?

A. Require business cases to have product life cycle information.
B. Establish a portfolio manager role to monitor and control the IT projects.
C. Mandate an enterprise architecture review with business stakeholders.
D. Implement a balanced scorecard for the IT project portfolio.

The BEST time to identify metrics to measure the performance of an IT-enabled investment is during:

A. investment feasibility analysis.
B. system implementation.
C. project initiation.
D. business case development.

Which of the following will BEST help to ensure that the governance of enterprise IT is consistently executed?

A. Regular review of IT policies and procedures
B. Defined key risk indicators
C. Established and monitored IT management processes
D. Experienced and skilled IT leadership

Which of the following is the MOST effective measure to assist in the evaluation of IT value delivery?

A. Actual benefits derived from the achievement of business objectives
B. Increase in user productivity
C. Trends in service capacity and availability metrics
D. Increase in customer satisfaction survey results

To evaluate IT resource management, it is MOST important to define:

A. principles for the IT strategy.
B. responsibilities for executing resource management.
C. applicable key goals.
D. IT resource utilization reporting procedures.