CGEIT Certified in the Governance of Enterprise IT – Question271

When establishing a comprehensive approach for analyzing IT risk in an international, multi-division enterprise, it is MOST important to ensure:

A. IT senior managers perform the analysis.
B. risk management methodologies are aligned with local best practices.
C. a consistent risk management methodology is used.
D. risk scenarios are compartmentalized by division.

Correct Answer: C

CGEIT Certified in the Governance of Enterprise IT – Question270

An IT steering committee wants the enterprise's mobile workforce to use cloud-based file storage to save non-sensitive corporate data, removing the need for remote access to that information. Before this change is implemented, what should be included in the data management policy?

A. A process for blocking access to cloud-based apps if inappropriate content is discovered
B. A requirement to scan approved cloud-based apps for inappropriate content
C. A mandate for periodic employee training on how to classify corporate data files
D. A mandate for the encryption of all corporate data files at rest that contain sensitive data

Correct Answer: D

CGEIT Certified in the Governance of Enterprise IT – Question268

The CIO of an international enterprise is considering the use of an offshore cloud service provider to store customer data. Which of the following should be the MOST important consideration when making this decision?

A. The cloud service provider's reputation
B. IT service delivery roles and responsibilities
C. Likelihood of natural disasters
D. Compliance with applicable legislation

Correct Answer: D

CGEIT Certified in the Governance of Enterprise IT – Question267

An enterprise's internal audit group has scheduled a control review of a payroll system project but has been told to wait until the system is implemented. Which of the following is the GREATEST risk associated with the delay?

A. Increased cost to mitigate deficiencies
B. A delay in the development of new key performance indicators (KPIs)
C. Continued dependency on compliant legacy systems
D. Lack of adherence to industry best practices

Correct Answer: A

CGEIT Certified in the Governance of Enterprise IT – Question264

The board of directors of a large organization has directed IT senior management to improve IT governance within the organization. IT senior management's MOST important course of action should be to:

A. analyze IT service levels and performance.
B. review IT strategy and direction.
C. understand the driver that led to a desire to change.
D. assess the current state of IT governance within the organization.

Correct Answer: B

CGEIT Certified in the Governance of Enterprise IT – Question263

The CIO in a large enterprise is seeking assurance that significant IT risk is being proactively monitored and does not exceed agreed risk tolerance levels. The BEST way to provide this ongoing assurance is to require the development of:

A. key risk indicators (KRIs).
B. an IT risk appetite statement.
C. a risk management policy.
D. a risk register.

Correct Answer: A

CGEIT Certified in the Governance of Enterprise IT – Question262

An enterprise's board of directors has determined that IT is not sufficiently supporting its corporate objectives, and has established a committee to address this problem. Which of the following should be the committee's FIRST action?

A. Create an IT strategic plan.
B. Implement a continuous improvement plan.
C. Develop a service level management plan.
D. Specify IT human resource performance measures.

Correct Answer: C