When developing an IT strategic plan that supports an enterprise's business goals, which of the following should be done FIRST?

A. Understand the current vision.
B. Perform a business impact analysis.
C. Ensure that IT drives business goals.
D. Analyze benchmarking data.

Which of the following is the MOST important driver of IT governance?

A. Management transparency
B. Technical excellence
C. Effective internal controls
D. Quality measurement

From an IT governance perspective, which of the following would be the MOST significant impact of moving all IT applications to an external Software as a Service (SaaS) cloud provider?

A. The necessity to update key risk indicators (KRIs)
B. The integration of the IT department with business lines
C. The improvement of IT service alignment with business
D. The shift from service delivery to service management

The MOST effective way to ensure that IT supports the agile needs of an enterprise is to:

A. implement open source systems.
B. outsource infrastructure management.
C. develop a robust enterprise architecture (EA).
D. perform process modeling.

A multinational enterprise recently purchased a large company located in a different country. When introducing the concept of governance to the new acquisition, it is MOST important that executive management recognize:

A. the use of international standards.
B. language differences.
C. globally recognized good practices.
D. the impact of cultural changes.

A large retail chain realizes that while there has not been any loss of data, IT security has not been a priority and should become a key goal for the enterprise. What should be the FIRST high-level initiative for a newly created IT strategy committee in order to support this business goal?

A. Modernizing internal IT security practices
B. Identifying gaps in information asset protection
C. Recruiting and training qualified IT security staff
D. Defining data archiving and retrieval policies

How does an enterprise benefit from implementing a set of key risk indicators (KRIs)?

A. The set of KRIs remains relevant over time.
B. Risk exposures are monitored to ensure they remain within risk appetite.
C. The need for a formal risk and control assessment program is eliminated.
D. The frequency of risk data gathering and reporting is minimized.

A CIO determines IT investment management processes are not fully realizing the benefits identified in business cases. Which of the following would be the BEST way to prevent this issue?

A. Document lessons learned throughout the investment life cycle.
B. Perform stage-gate reviews throughout the life cycle of each project.
C. Evaluate the delegation of investment approval authorities.
D. Establish a requirement for CIO review and approval of each business case.

A contracted company employs key IT systems operational personnel to oversee technology used to manage a critical line of business. Management is concerned that a mass resignation by many disgruntled personnel may lead to a shutdown of these key systems. Which of the following should be the PRIMARY responsibility of IT governance to address this risk?

A. Renegotiate employment agreements to lessen the likelihood of a mass resignation.
B. Cross train management to assume support of the technology.
C. Develop a resourcing strategy that quickly replaces staff.
D. Survey key support staff to determine what is causing them to be disgruntled.

An IT governance committee is defining a risk management policy for a portfolio of IT-enabled investments. Which of the following should be the PRIMARY consideration when developing the policy?

A. Risk appetite of the enterprise
B. Risk management framework
C. Value obtained with minimum risk
D. Possible investment failures