A large bank has completed several acquisitions in the last few years that have resulted in redundant IT applications. To align with the strategic initiative of providing integrated services to customers, the IT steering committee has decided to share data and integrate applications. Which of the following would be MOST important to review in this situation?

A. IT risk register
B. Balanced scorecard measures
C. Enterprise architecture
D. IT strategic plan

Which of the following is the PRIMARY purpose of an effective set of key risk indicators (KRIs)?

A. Identifying possible future adverse impacts on the enterprise
B. Evaluating existing technology for risk monitoring capabilities
C. Establishing executive level buy-in of the risk program
D. Quantifying the productivity of the risk management team

Which of the following characteristics would BEST indicate that an IT process is a good candidate for outsourcing?

A. Operational processes that are well-defined
B. Non-strategic processes that are not documented
C. Strategic processes that require expert professionals
D. Processes with higher risk to the enterprise

Which of the following is the BEST way to implement effective IT risk management?

A. Minimize the number of IT risk management decision points.
B. Adopt risk management processes.
C. Establish a risk management function.
D. Align with business risk management processes.

An IT strategy committee has reviewed an audit report indicating sales employees are using personal smartphones to conduct corporate business. Although the committee appreciates the business benefits, it is also concerned with the security risk. To deliver the business benefit, the committee’s FIRST recommendation should be to:

A. update the corporate security policy to include personal devices.
B. document procedures for securing personal devices.
C. improve training courses on securing corporate information.
D. perform a risk assessment on personal device data protection.

An enterprise has an ongoing issue of corporate applications not delivering the expected benefits due to missing key functionality. As a result, many groups are using spreadsheets and databases instead of approved enterprise applications to store and manipulate information. Which of the following will BEST improve the success rate of future IT initiatives?

A. Engage the business user community in acceptance testing of acquired applications.
B. Prohibit the use of non-approved alternate software solutions.
C. Establish a process for risk and value management.
D. Engage stakeholders to identify and validate business requirements.

An enterprise’s board of directors has asked the CIO to implement ways to make the IT function more environmentally responsible. Which of the following should be the CIO’s FIRST step to ensure continued alignment of IT needs with the requirements of the board?

A. Create a staff awareness education plan focused on IT environmental responsibility.
B. Incorporate new environmentally responsible objectives into existing IT goals.
C. Assess potential environmentally responsible IT initiatives.
D. Write a business case for an environmentally responsible initiative for IT.

An enterprise makes an acquisition of a similar entity offering related services. A consequence of the acquisition is a reduction of IT workforce. When addressing human resource allocation, the MOST important IT governance consideration is to:

A. manage organizational change.
B. assess 7 skill sets.
C. monitor team expenditures.
D. cross-train IT resources.

An IT steering committee is concerned that enterprise technologies have grown stagnant and are outdated. Which of the following is the BEST strategy to invest in modem technology?

A. Redefine the target architecture to define new technologies that can be incorporated into the infrastructure.
B. Create a new investment category for innovation that becomes a new way for tracking investment decisions/
C. Update the IT human resource management plan to requite training and development for emerging technologies.
D. Decrease spending on steady state and increase spending on modernization and enhancements.

Which of the following would be the BEST way for a CIO to enhance security risk management alignment between IT and business?

A. Facilitate joint workshops for IT and the business on risk assessment techniques.
B. Analyze benchmark reports to understand the organization's security investments against competitors.
C. Establish a process in which IT and the business collaborate on risk assessment and mitigation prioritization.
D. Perform a trend analysis based on security investment levels and business initiatives.