CGEIT Certified in the Governance of Enterprise IT – Question061

An enterprise's board of directors can BEST manage enterprise risk by:

A. mandating board-approved enterprise risk management (ERM) modifications.
B. requiring the establishment of an enterprise-wide program management office.
C. ensuring the cost-effectiveness of the internal control system.
D. requiring the establishment of an enterprise risk management (ERM) framework.

CGEIT Certified in the Governance of Enterprise IT – Question060

An enterprise has a large backlog of IT projects. The current strategy is to execute projects as they are submitted, but executive management does not believe this method is optimal. Which of the following is the MOST important action to address this concern?

A. Establish a performance dashboard that determines business value.
B. Create a combined business/IT committee to determine project prioritization.
C. Implement a methodology to prioritize projects based on resource availability.
D. Implement stage-gating to determine the value of each project.

Correct Answer: D

CGEIT Certified in the Governance of Enterprise IT – Question059

Several experienced IT resources have been hired away by a competitor. These individuals created and managed a business-critical system that gave the enterprise a market advantage. Which of the following should be the PRIMARY concern of the system's business owner?

A. The impact on morale of the remaining IT employees
B. The competitor hiring additional IT employees from the enterprise
C. Whether access to the system and data has been adequately revoked
D. Whether remaining staff are able to maintain the quality of the system

Correct Answer: D

CGEIT Certified in the Governance of Enterprise IT – Question058

The board of directors of a major retail chain wants to know what capabilities are in place to prevent customer credit card data from being hacked. Which of the following should be established to provide useful information about a potential future event?

A. Risk tolerance
B. Lead indicators
C. Lag indicators
D. Performance indicators

Correct Answer: B

CGEIT Certified in the Governance of Enterprise IT – Question057

What information is MOST important to include when reporting key risk indicators to the board of directors?

A. The effect of emerging risk trends on current risk exposure
B. Risk appetite, risk threshold and risk tolerance
C. Classification of current business risk
D. Costs and resource needs related to risk mitigation measures

Correct Answer: A

CGEIT Certified in the Governance of Enterprise IT – Question056

To enable consistent assessment of candidate program investments for inclusion into the IT portfolio, it is MOST important to identify:

A. an IT balanced scorecard.
B. the impact on enterprise architecture.
C. common selection criteria.
D. currently available resources.

Correct Answer: A

CGEIT Certified in the Governance of Enterprise IT – Question055

Which of the following aspects of the transition from X-rays to digital images would be BEST addressed by implementing information security policy and procedures?

A. Establishing data retention procedures
B. Training technicians on acceptable use policy
C. Minimizing the impact of hospital operation disruptions on patient care
D. Protecting personal health information

Correct Answer: D

CGEIT Certified in the Governance of Enterprise IT – Question053

Despite an adequate training budget, IT staff are not keeping skills current with emerging technologies critical to the enterprise. The BEST way for the enterprise to address this situation would be to:

A. establish an agreed-upon skills development plan with each employee.
B. allow staff to attend technology conferences.
C. create a standard-setting center of excellence.
D. assign human resources (HR) to develop an IT skills matrix.

Correct Answer: D

CGEIT Certified in the Governance of Enterprise IT – Question052

Besides the mitigation of IT risk, which of the following is the PRIMARY outcome of IT governance?

A. Control of IT processes
B. Meeting of IT financial goals
C. Resolution of IT audit findings
D. Value delivery of IT to the business