Which of the following should be the MOST important consideration when designing an implementation plan for IT governance?

A. Roles and responsibilities
B. Risk tolerance levels
C. Organization culture
D. Principle and policies

A retail enterprise wants to leverage emerging technologies to create a new sales channel for its customers. However, IT has little experience with these technologies and is unsure if the proposed schedule can be met. Which of the following will BEST help to determine IT's ability to meet this need?

A. Conducting a resource gap assessment
B. Defining business benefits realization metrics
C. Reviewing the resource management policy
D. Developing a target state enterprise architecture

To support the enterprise's digital transformation, the CIO has been asked to include an Internet of Things (IoT) component in the IT strategy. Which of the following should be the FIRST consideration?

A. Ensuring IoT usage in the industry has been analyzed
B. Ensuring IoT can be used in current revenue streams
C. Ensuring solution providers and their IoT use cases have been researched
D. Ensuring initial approvals are limited to small IoT projects to gain experience

A steering committee has been advised by the IT project management office that individual business units are building systems components that could be leveraged by other business units. Instead, identical components are being duplicated across the enterprise. Which of the following committee directives would be the BEST way to reduce the likelihood of this duplication?

A. Implement stage gate reviews to assess systems.
B. Establish an enterprise architecture.
C. Perform an assessment of change management processes.
D. Review IT system release management practices.

The BEST way to determine the effectiveness of an enterprise's IT governance framework is by assessing the:

A. value of IT contribution.
B. maturity of IT processes.
C. application of IT standards.
D. compliance to IT policy.

The approval of an enterprise risk management framework is the role of the:

A. chief information officer.
B. chief risk officer.
C. IT steering committee
D. board of directors.

In a large enterprise, which of the following should be responsible for the implementation of an IT balanced scorecard?

A. IT steering committee
B. Chief risk officer
C. Project management office
D. Chief information officer

A multinational enterprise is planning to migrate to cloud-based systems. Which of the following should be of MOST concern to the risk management committee?

A. Resource alignment
B. Security breaches
C. Regulatory compliance
D. Cost considerations

Which of the following should be the MOST essential consideration when outsourcing IT services?

A. Alignment with existing HR policies and practices
B. Adoption of a diverse vendor selection process
C. Identification of core and non-core business processes
D. Compliance with enterprise architecture

Of the following, the BEST response to the absence of a data security breach notification by a service provider is to contractually require that:

A. security incidents identified by the provider be reported.
B. security related key performance indicators be included in all service level agreements.
C. security incident information be shared only on a need-to-know basis.
D. a registry of all security breaches be maintained by the service provider.