The PRIMARY reason for implementing an IT governance program in an enterprise is to:

A. comply with regulatory requirements.
B. balance the demand for information and the ability to deliver.
C. decrease the scale of investment in information systems due to budgetary controls.
D. reduce risks due to improved compensating controls.

An enterprise wants to implement an IT governance framework to ensure enterprise expectations of IT are met. Which of the following would be the MOST beneficial outcome of implementing the framework?

A. Optimization of IT performance
B. Development of IT policies
C. Creation of an IT balanced scorecard
D. Establishment of key IT risk indicators

Which of the following would a CIO use to present the overall view of IT performance to the board of directors?

A. Maturity model
B. Balanced scorecard
C. Key performance indicators (KPIs)
D. Key risk indicators (KRIS)

A CIO is planning to implement an enterprise resource planning (ERP) system at the request of the business. Of the following, who is accountable for providing sponsorship for the IT-enabled change across the enterprise?

A. CIO
B. CEO
C. IT strategy committee
D. Human resource director

The PRIMARY reason for using quantitative criteria in developing business cases for IT projects is to:

A. benchmark project success with similar enterprises.
B. learn lessons from errors made in past projects.
C. improve the process of evaluating returns after implementation.
D. apply other corporate standards to the development project.

An independent consultant has been hired to conduct an ad hoc audit of an enterprise's information security office with results reported to the IT governance committee and the board. Which of the following is MOST important to provide to the consultant before the audit begins?

A. The scope and stakeholders of the audit
B. The organizational structure of the security office
C. The polices and framework used by the security office
D. Acceptance of the audit risks and opportunities

To ensure IT risk is managed in a consistent manner, it is MOST important for IT governance to establish a:

A. risk management reporting tool to ensure compliance.
B. balanced scorecard that includes IT risks.
C. risk management committee to identify IT-related risks.
D. risk management framework.

Which of the following should occur FIRST in the IT investment process?

A. Analyze the risks and benefits of the investment for each IT project.
B. Assess each project’s impact on the enterprise’s investment plan.
C. Select IT projects that will best support the enterprise’s mission.
D. Analyze IT investments based on past data.

The accountability for a business continuity program for business-critical systems is BEST assigned to the:

A. director of internal audit,
B. enterprise risk manager.
C. chief information officer.
D. chief executive officer.

Which of the following is the MOST important input for designing a development program to help IT employees improve their ability to respond to business needs?

A. Skills competency assessment
B. Cost-benefit analysis
C. Annual performance evaluations
D. Capability maturity model