CGEIT Certified in the Governance of Enterprise IT – Question 210

An IT steering committee is presented with an audit finding that new software applications are delivered on time but consistently have unacceptable levels of defects. Which of the following would be the BEST direction from the committee?

A. Establish code peer reviews.
B. Evaluate the change management process.
C. Implement performance indicators.
D. Evaluate the quality assurance process.

Correct Answer: D

CGEIT Certified in the Governance of Enterprise IT – Question 209

A new CEO is made aware of a lack of cooperation between IT and business units and needs to take action to enable more efficient IT delivery of solutions to support the business. What should be the FIRST step to address this concern?

A. Introduce IT related key performance indicators (KPIs).
B. Establish business user group training for increased collaboration.
C. Clarify roles and assign accountabilities for results.
D. Implement a continuous auditing policy for IT initiatives.

Correct Answer: C

CGEIT Certified in the Governance of Enterprise IT – Question 208

After performing a gap analysis of IT risks and controls capability, the MOST important consideration for the associated risk responses is that they are:

A. added to the IT balanced scorecard.
B. approved by executive management.
C. assessed for severity of impact.
D. submitted to the audit committee.

Correct Answer: C

CGEIT Certified in the Governance of Enterprise IT – Question 207

An enterprise has an overarching enterprise architecture document. The CIO is concerned that EA is not leveraged in recent IT-enabled investments. Which of the following would BEST help to address these concerns and enforce the leveraging of enterprise architecture?

A. Require enterprise architecture review at key milestones.
B. Publish and train on the enterprise architecture document.
C. Form a team to update enterprise architecture regularly.
D. Adopt a globally-recognized enterprise architecture framework.

Correct Answer: B

CGEIT Certified in the Governance of Enterprise IT – Question 206

An enterprise is assessing whether to utilize wearable technology. The enterprise has no prior experience with this technology and has asked the chief technology officer (CTO) to assess the impact to the enterprise. The CTO should FIRST:

A. prioritize wearable technology risk.
B. understand the enterprise's risk tolerance.
C. map the business goals to IT risk processes.
D. create an IT risk scorecard.

Correct Answer: B

CGEIT Certified in the Governance of Enterprise IT – Question 205

A CEO of a large enterprise is concerned that risk events are not regularly addressed at the C-suite level unless related to emergency incidents. Which of the following is the BEST way for the CEO to ensure risk events are given sufficient time and attention?

A. Instruct managers to take ownership for their department’s identified risks.
B. Issue performance objectives that target the elimination of enterprise risks.
C. Include the discussion of key enterprise risk as an agenda item at board meetings.
D. Require the development of a risk procedure on how to capture risks.

Correct Answer: C

CGEIT Certified in the Governance of Enterprise IT – Question 204

IT senior management has just received a survey report indicating that more than one third of the organization’s key IT staff plan to retire within the next 12 months. Which of the following is the MOST important governance action to prepare for this possibility?

A. Request the development of a succession plan.
B. Engage HR for recruitment of new staff.
C. Evaluate lower-level staff as succession candidates.
D. Review motivation drivers for key IT staff.

Correct Answer: C

CGEIT Certified in the Governance of Enterprise IT – Question 203

In an effort to reduce operation costs, an enterprise is switching from all internally-hosted applications to a mixture of internally- and externally-hosted applications. Of the following, the risk appetite for this decision would BEST be defined by the:

A. vendor oversight committee.
B. board of directors.
C. chief information security officer.
D. chief information officer.

Correct Answer: C

CGEIT Certified in the Governance of Enterprise IT – Question 202

An enterprise has recently experienced an excessive number of exceptions due to outdated control frameworks. What should the leadership team do FIRST?

A. Mandate a reassessment of the current control frameworks.
B. Review the IT control standards.
C. Mandate strict adherence to control frameworks.
D. Update the exception review and approval process.

Correct Answer: B