During the implementation phase of a central ERP system, a project manager identifies a significant lack of human capabilities to support the system. The issue is reported to the project sponsor, and the sponsor sends a request for an increase in the budget to the IT steering committee. What should be the IT steering committee's FIRST action?

A. Require a revised business case.
B. Approve the budget request.
C. Provide appropriate training.
D. Refer back to the project sponsor for resolution.

A regional business unit of a major financial institution is considering the use of a Software as a Service (SaaS) cloud vendor to implement a new system. Which of the following should be performed FIRST?

A. Update the outsourcing policy.
B. Investigate on-premise software solutions.
C. Develop a business case.
D. Determine if the cloud vendor has a secure data center.

When developing a business case for an enterprise resource planning (ERP) implementation, which of the following, if overlooked, causes the GREATEST impact to the enterprise?

A. Salvage value of legacy hardware
B. IT best practices
C. Interdependent systems
D. Vendor selection

It has been discovered that multiple business units across an enterprise are using duplicate IT applications and services to fulfill their individual needs. Which of the following would be MOST helpful to address this concern?

A. IT project roadmap
B. IT service management
C. Enterprise architecture
D. Enterprise risk framework

Senior leadership is concerned about a recent trend of excessive exceptions to existing controls. Which of the following should be implemented to address this concern?

A. Continuous monitoring
B. Independent audits
C. A control library
D. Risk awareness training

An analysis of an organization's security breach is complete. The results indicate that the quality of the code used for updates to its primary customer-facing software has been declining and security flaws were introduced. The FIRST IT governance action to correct this problem should be to review:

A. the incident response plan.
B. the change management control framework.
C. compliance with the user testing process.
D. the qualifications of developers to write secure code.

The CIO of a large enterprise has taken the necessary steps to align IT objectives with business objectives. The BEST way for the CIO to ensure these objectives are delivered effectively by IT staff is to:

A. enhance the budget for training based on the IT objectives.
B. include the IT objectives in staff performance plans.
C. include CIO sign-off of the objectives as part of the IT strategic plan.
D. map the IT objectives to an industry-accepted framework.

An IT steering committee is preparing to review proposals for projects that implement emerging technologies. In anticipation of the review, the committee should FIRST:

A. require a review of the enterprise risk management framework.
B. understand how the emerging technologies will influence risk across the enterprise.
C. determine if the IT staff can support the emerging technologies.
D. require a capacity plan and framework review for the emerging technologies.

An enterprise has entered into a new market which brings additional regulatory compliance requirements. To address these new requirements, the enterprise should FIRST:

A. update the organization's risk profile.
B. have executive management monitor compliance.
C. outsource the compliance process.
D. appoint a compliance officer.

An enterprise is undertaking a multi-year portfolio of IT initiatives to replace core accounting systems. The program management team has developed a business case and is defining a roadmap for the initiatives. Of the following, who should be responsible for defining the optimization criteria for the portfolio?

A. Project management office
B. Board of directors
C. Program management team
D. IT steering committee