CGEIT Certified in the Governance of Enterprise IT – Question301

Establishing a uniform definition for likelihood and impact through risk management standards PRIMARILY addresses which of the following concerns?

A. Lack of strategic IT alignment
B. Conflicting interpretations of risk levels
C. Inconsistent data classification
D. Inconsistent categories of vulnerabilities

Correct Answer: B

CGEIT Certified in the Governance of Enterprise IT – Question299

The board of directors has mandated the use of geolocation software to track mobile assets assigned to employees who travel outside of their home country. To comply with this mandate, the IT steering committee should FIRST request:

A. an assessment to determine if data privacy protection is addressed.
B. the inclusion of mandatory training for remote device users.
C. an update to the acceptable use policy.
D. an architectural review to determine appropriate solution design.

Correct Answer: A

CGEIT Certified in the Governance of Enterprise IT – Question297

A marketing enterprise is considering procuring customer information to more accurately target customer communications and increase sales. The data has a very high cost to the enterprise. Which of the following would provide the MOST comprehensive view into the potential value to the organization?

A. Risk assessment results
B. Cost-benefit analysis results
C. Net present value (NPV) calculation
D. Investment services board review

Correct Answer: B

CGEIT Certified in the Governance of Enterprise IT – Question296

In an enterprise that has worldwide business units and a centralized financial control model, which of the following is a barrier to strategic alignment of business and IT?

A. Each business unit has its own steering committee for IT investment and prioritization.
B. The enterprise's CIO is a member of the executive committee.
C. IT is the exclusive provider of IT services to the business units.
D. Uniform portfolio management is in place throughout the business units.

Correct Answer: A

CGEIT Certified in the Governance of Enterprise IT – Question294

Which of the following is the MOST important reason to include internal audit as a stakeholder when establishing clear roles for the governance of IT?

A. Internal audit is accountable for the overall enterprise governance of IT.
B. Internal audit has knowledge and technical expertise to advise on IT infrastructure.
C. Internal audit implements controls over IT risks and security.
D. Internal audit provides input on relevant issues and control processes.

Correct Answer: D

CGEIT Certified in the Governance of Enterprise IT – Question293

An enterprise has been focused on establishing an IT risk management framework. Which of the following should be the PRIMARY motivation behind this objective?

A. Increasing the enterprise's risk tolerance level and risk appetite.
B. Engaging executives in examining IT risk when developing policies.
C. Promoting responsibility throughout the enterprise for managing IT risk.
D. Maintaining a complete and accurate risk registry to better manage IT risk.

Correct Answer: C

CGEIT Certified in the Governance of Enterprise IT – Question292

A major data leakage incident at an enterprise has resulted in a mandate to strengthen and enforce current data governance practices. Which of the following should be done FIRST to achieve this objective?

A. Review data logs.
B. Assess data security controls.
C. Verify data owners.
D. Analyze data quality.

Correct Answer: B