An enterprise is evaluating a Software-as-a-Service (SaaS) solution to support a core business process. There is no outsourcing governance or vendor management in place. The CEO's FIRST course of action should be to:

A. establish a contract with the SaaS solution provider.
B. instruct management to use the standard procurement process.
C. ensure the service level agreements (SLAs) for service providers are defined.
D. ensure the roles and responsibilities to manage service providers are defined.

After shifting from lease to purchase of IT infrastructure and software licenses, an enterprise has to pay for unexpected lease extensions causing significant cost overruns. The BEST direction for the IT steering committee would be to establish:

A. a program to annually review financial policy on overruns.
B. an end-of-life program to remove aging infrastructure from the environment.
C. budget cuts to compensate for the cost overruns.
D. a policy to consider total cost of ownership in investment decisions.

A company is considering selling products online, and the CIO has been asked to advise the board of directors of potential problems with this strategy. Which of the following would be the CIO's BEST course of action?

A. Perform a risk assessment.
B. Review the security framework.
C. Conduct a return on investment analysis.
D. Review the enterprise architecture.

When defining an enterprise governance framework, the PRIMARY determination of the degree to which the framework is principle-based or policy-based is:

A. enterprise architecture framework.
B. organizational decision-making style.
C. IT process maturity.
D. organizational structure.

The MOST beneficial aspect of utilizing an IT risk management framework is that it:

A. addresses a lack of data in risk reporting.
B. facilitates the identification of technologies posing the greatest risk to IT.
C. enables a consistent approach to risk management.
D. drives inclusion of the technology function in enterprise risk management.

A new IT initiative is delivered successfully. Which of the following should be updated to reflect the new technology?

A. Balanced scorecard
B. IT strategy
C. IT tactical plan
D. Enterprise architecture

While assessing the feasibility of introducing new IT practices and standards into the IT governance framework, it is CRITICAL to understand an organization's:

A. maturity of IT processes.
B. culture.
C. enterprise architecture.
D. level of outsourcing.

Which of the following is PRIMARILY achieved through performance measurement?

A. Process improvement
B. Benefit realization
C. Cost efficiency
D. Transparency

The BEST way for a CIO to monitor the alignment between the business and IT strategy is to regularly review:

A. IT services supporting business processes.
B. the balanced scorecard.
C. key risk indicators (KRIs).
D. the risk register.

Which of the following is the BEST outcome measure to determine the effectiveness of IT risk management processes?

A. Time lag between when IT risk is identified and the enterprise's response
B. Percentage of business users satisfied with the quality of risk training
C. Frequency of updates to the IT risk register
D. Number of events impacting business processes due to delays in responding to risks