A regulatory audit of an IT department has identified discrepancies between processes described in the procedures and what is actually done by system administrators. The discrepancies were caused by recent IT application changes. Which of the following would be the BEST way to prevent the recurrence of similar findings in the future?

A. Include the update of documentation within the change management framework.
B. Assign the responsibility for periodic revisions and changes to process owners.
C. Require each IT employee to confirm compliance with IT procedures on an annual basis.
D. Establish high-level procedures to minimize process changes.

From a governance perspective, which of the following is MOST important to enhance in an enterprise undergoing rapid development of a cloud technology?

A. Change management processes to capture organizational and project changes.
B. Data restructuring plan to ensure the architecture supports future changes.
C. IT project dashboard reporting to capture new risk, threats, and scenarios.
D. Configuration management processes to ensure availability goals are maintained.

An IT strategy committee wants to evaluate how well the IT department supports the business strategy. Which of the following is the BEST method for making this determination?

A. Capability maturity assessment
B. IT balanced scorecard reporting
C. IT controls assurance program
D. Customer survey analysis

Which of the following BEST reflects mature risk management in an enterprise?

A. A regularly updated risk register
B. Responsive risk awareness culture
C. Ongoing risk assessment
D. Ongoing investment in risk mitigation

An enterprise is planning to migrate its IT infrastructure to a cloud-based solution but does not have experience with this technology. Which of the following should be done FIRST to reduce the risk of IT service disruptions when using this new technology?

A. Evaluate the sourcing options.
B. Reflect the change in the enterprise architecture (EA).
C. Implement key performance indicators (KPIs).
D. Engage an experienced IT consultant to perform the migration.

When conducting a risk assessment in support of a new regulatory requirement, the IT risk committee should FIRST consider the:

A. cost burden to achieve compliance.
B. disruption to normal business operations.
C. readiness of IT systems to address the risk.
D. risk profile of the enterprise.

Which of the following is the PRIMARY role of an enterprise architecture?

A. Improves transparency and compliance
B. Provides a visual perspective of information systems
C. Improves interoperability and scalability
D. Ensures continuous innovation

An enterprise has made a decision to move some business applications to the public cloud despite being very new to the cloud environment. What is MOST important for the CIO to do to help ensure the success of this initiative?

A. Review the vendor management framework.
B. Request a right-to-audit clause in the provider contract.
C. Require a vulnerability and threat assessment.
D. Ensure the cloud provider complies with international standards.

Which of the following is MOST critical for the successful implementation of an IT process?

A. Objectives and metrics
B. IT process assessment
C. Process framework
D. Service delivery process model

Once the strategic vision has been established, which of the following would be the BEST activity for supporting the implementation of performance measures?

A. Document policy requirements.
B. Document strengths, weaknesses, opportunities, and threats.
C. Identify key performance indicators (KPIs).
D. Monitor service level performance.