CGEIT Certified in the Governance of Enterprise IT – Question071

Which of the following is the PRIMARY ongoing responsibility of the IT governance function related to risk?

A. Responding to and controlling all IT risk events
B. Verifying that all business units have staff skilled at assessing risk
C. Communicating the enterprise risk management plan
D. Ensuring IT risk management is aligned with business risk appetite

Correct Answer: C

CGEIT Certified in the Governance of Enterprise IT – Question070

A newly appointed CIO has issued a new IT strategic plan. Which of the following would be the MOST effective way for the CIO to ensure the IT management team is held accountable for the delivery of the plan?

A. Provide management training on IT strategic objectives.
B. Revise the managers' performance goals to include key objectives.
C. Enforce disciplinary action for managers if the plan is not delivered.
D. Update the IT balanced scorecard with key objectives.

Correct Answer: B

CGEIT Certified in the Governance of Enterprise IT – Question069

Following a major IT incident that resulted in a loss to the enterprise, a CIO is preparing for a meeting with the board of directors to discuss what may have failed internally. Which of the following should the CIO do FIRST to provide assurance to the board?

A. Review the IT control environment.
B. Ensure IT and enterprise risk management alignment.
C. Review the incident response policy.
D. Verify continuous monitoring is being performed.

Correct Answer: B

CGEIT Certified in the Governance of Enterprise IT – Question068

A newly established IT steering committee is concerned whether or not a system is meeting availability objectives. Which of the following will provide the BEST information to make an assessment?

A. Critical success factors
B. Balanced scorecard
C. Performance indicators
D. Capability maturity levels

Correct Answer: D

CGEIT Certified in the Governance of Enterprise IT – Question067

A large enterprise has been experiencing high turnover of skilled IT personnel, resulting in a significant loss of knowledge within the IT department. Which of the following should be done FIRST to address this problem?

A. Conduct a survey of current IT staff.
B. Revise the IT resource management plan.
C. Update human resources policies and practices.
D. Develop an incentive scheme for IT employees.

Correct Answer: A

CGEIT Certified in the Governance of Enterprise IT – Question066

A business has outsourced IT operations to several third-party providers, but service level agreements (SLAs) are not clearly defined in all cases. Which of the following is the GREATEST risk to the business?

A. Third parties could provide overlapping services.
B. Quality of services is not enforceable.
C. The scope of work is not clearly defined.
D. Costs are not measurable.

Correct Answer: B

CGEIT Certified in the Governance of Enterprise IT – Question065

In a successful enterprise that is profitable in its marketplace and consistently growing in size, the non-IT workforce has grown by 50% in the last two years. The demand for IT staff in the marketplace is more than the supply, and the enterprise is losing staff to rival organizations. Due to the rapid growth, IT has struggled to keep up with the enterprise, and IT procedures and associated job roles are not well-defined. The MOST critical activity for reducing the impact caused by IT staff turnover is to:

A. outsource the IT operation.
B. increase compensation for IT staff.
C. hire temporary staff.
D. document processes and procedures.

Correct Answer: D

CGEIT Certified in the Governance of Enterprise IT – Question064

An enterprise has decided to use third-party software for a business process which is hosted and supported by the same third party. The BEST way to provide quality of service oversight would be to establish a process:

A. to qualify service providers.
B. for enterprise architecture updates.
C. for robust change management.
D. for periodic service provider audits.

Correct Answer: A

CGEIT Certified in the Governance of Enterprise IT – Question062

An IT investment review board wants to ensure that IT will be able to support business initiatives. Each initiative is comprised of several interrelated IT projects. Which of the following would help ensure that the initiatives meet their goals?

A. Verification of initiatives against the architecture
B. Review of the business case for each initiative
C. Establishment of portfolio management
D. Review of project management methodology