Isaca COBIT 2019 Practice Test - Questions Answers, Page 15

When considering the role of IT design factor, and the design factor value is strategic, which of the following should be a management objective priority?

A. Managed innovation (APO04)
B. Managed quality (APO11)
C. Managed relationships (APO08)
D. Managed budget and costs (APO06)

Suggested answer: A

Explanation:

The IT design factor is a design factor that describes how an enterprise uses information and technology to achieve its goals and objectives. There are six IT design factors defined in COBIT 2019: strategic; operational; data-driven; compliance-driven; innovation-driven; customer intimacy-driven. Each design factor has different implications for the governance and management of information and technology in terms of focus areas, processes, practices, roles, structures, and metrics. When considering the role of IT design factor, and the design factor value is strategic, one of the management objectives that should be a priority is managed innovation (APO04), which involves identifying new opportunities for using information and technology to create value for the enterprise. This management objective supports the strategic role of IT in enabling business transformation, differentiation, competitiveness, growth, and sustainability. This management objective also involves establishing an innovation culture and process that encourages creativity, experimentation, collaboration, learning, and improvement [5].

Reference: [5] COBIT 2019 Design Guide, page 35-36; COBIT 2019 Process Reference Guide, page 57-59

When considering the IT implementation methods design factor, and the design factor value is DevOps, which of the following should be a management objective priority?

A. Managed change acceptance and transitioning (BAI07)
B. Managed availability and capacity (BAI04)
C. Managed service requests and incidents (DSS02)
D. Managed solution identification and build (BAI03)

Suggested answer: D

Explanation:

The IT implementation methods design factor describes how an enterprise develops, delivers, and maintains its IT solutions. DevOps is an IT implementation method that emphasizes collaboration, automation, integration, and feedback between the development and operations teams throughout the software development life cycle. One of the management objectives that should be prioritized when using DevOps is managed solution identification and build (BAI03), which involves defining, designing, building, testing, and deploying IT solutions that meet stakeholder requirements and expectations. This management objective supports the DevOps principles of continuous delivery, continuous integration, continuous testing, and continuous deployment, which aim to deliver high-quality IT solutions faster and more reliably.

Reference: COBIT 2019 Design Guide, page 43-45; COBIT 2019 Process Reference Guide, page 67-69

Which of the following roles should be involved when nominating key program roles to create the appropriate governance environment?

A. IT management
B. Business management
C. Human resources
D. Board and executives

Suggested answer: D

Explanation:

The key program roles are the roles that are responsible for leading, directing, managing, supporting, and executing the EGIT implementation program. The nomination of these roles is a critical step in creating the appropriate governance environment for the program. One of the roles that should be involved in this nomination process is the board and executives, who are the highest-level governance body and decision makers in an enterprise. The board and executives provide strategic direction, oversight, guidance, and approval for the EGIT implementation program. They also ensure that the program is aligned with the enterprise's vision, mission, values, strategy, goals, and objectives. The board and executives also appoint or endorse other key program roles such as the program sponsor, program manager, program steering committee, change champion network, etc.

Reference: COBIT 2019 Implementation Guide, page 37-38; COBIT 2019 Framework: Governance and Management Objectives, page 19-20

When reviewing the risk profile of an enterprise during the governance design phase, what MUST be established prior to conducting a high-level risk analysis?

A. Risk response strategy
B. Key risk indicators (KRIs)
C. Enterprise's risk appetite
D. Risk management framework

Suggested answer: C

Explanation:

The risk profile of an enterprise is a design factor that describes how an enterprise identifies, assesses, responds to, monitors, and reports on information and technology risks. The risk profile helps to determine the level of risk appetite and tolerance that an enterprise has for its information and technology activities, as well as the level of control and assurance that is required for its governance framework. When reviewing the risk profile of an enterprise during the governance design phase, one of the prerequisites that must be established prior to conducting a high-level risk analysis is the enterprise's risk appetite. The risk appetite is the amount and type of risk that an enterprise is willing to accept in pursuit of its objectives. The risk appetite provides a basis for defining the risk criteria, thresholds, indicators, and responses that will be used in the risk analysis process. The risk appetite also helps to align the governance framework with the enterprise's strategy and objectives.

Reference: COBIT 2019 Design Guide, page 41-43; COBIT 2019 Framework: Introduction and Methodology, page 28-29

A privately held company is planning to be listed on the stock exchange and is working on meeting regulatory requirements. After considering an assessment by external consultants, the company has decided to implement the process 'Ensured Stakeholder Engagement.' Who is BEST suited for this responsibility?

A. Relationship manager
B. Chief information officer
C. The board and executive management
D. Chief information security officer

Suggested answer: C

Explanation:

The process 'Ensured Stakeholder Engagement' (EDM04) is one of the governance processes in COBIT 2019 that involves establishing transparent communication with stakeholders about their needs and expectations from information and technology governance. This process also involves ensuring stakeholder involvement in governance decision making and monitoring stakeholder satisfaction with governance outcomes. One of the roles that is best suited for this responsibility is the board and executive management, who are the highest-level governance body and decision makers in an enterprise. The board and executive management have a duty to ensure that they understand the needs and expectations of various stakeholders such as shareholders, regulators, customers, employees, suppliers, etc., and that they communicate effectively with them about the enterprise's strategy, objectives, performance, risks, issues, opportunities, etc., related to information and technology governance. The board and executive management also have a responsibility to involve stakeholders in governance decision making by soliciting their input, feedback, opinions, suggestions, etc., and by considering their interests and perspectives when making governance choices. The board and executive management also have a role in monitoring stakeholder satisfaction with governance outcomes by measuring stakeholder value realization from information and technology investments and initiatives.

Reference: COBIT 2019 Process Reference Guide: Governance and Management Objectives, page 25-27; COBIT 2019 Framework: Governance and Management Objectives, page 19-20

What is the role of the internal audit function when defining the EGIT target state?

A. Provide advice and assist with target-state positioning and gap priorities.
B. Prepare the detailed business case and high-level program plan.
C. Align targeted process improvement solutions to enterprise goals.
D. Develop and communicate a change enablement plan and objectives.

Suggested answer: A

Explanation:

The internal audit function is an independent and objective assurance and consulting activity that evaluates and improves the effectiveness of governance, risk management, and control processes in an enterprise. The internal audit function has a role in defining the EGIT target state, which is the desired state of information and technology governance in an enterprise that is aligned with its strategy, objectives, and stakeholder needs. The role of the internal audit function in this process is to provide advice and assist with target-state positioning and gap priorities. This means that the internal audit function can help to identify the current state of information and technology governance in an enterprise, assess the gaps and issues that need to be addressed, determine the target state of information and technology governance that is optimal for the enterprise, and prioritize the actions and initiatives that are required to achieve the target state. The internal audit function can also provide assurance on the design and implementation of the EGIT target state by evaluating its adequacy, effectiveness, efficiency, and compliance.

Reference: COBIT 2019 Implementation Guide, page 51-52; COBIT 2019 Framework: Introduction and Methodology, page 30-31

Which of the following I&T implementation methods requires the HIGHEST level of participation by users at multiple stages of software development?

A. Hybrid
B. Traditional
C. DevOps
D. Agile

Suggested answer: D

Explanation:

The IT implementation methods design factor describes how an enterprise develops, delivers, and maintains its IT solutions. There are four IT implementation methods defined in COBIT 2019: traditional, agile, DevOps, and hybrid. Each method has different implications for the governance and management of information and technology in terms of focus areas, processes, practices, roles, structures, and metrics. The IT implementation method that requires the highest level of participation by users at multiple stages of software development is agile. Agile is an IT implementation method that emphasizes flexibility, adaptability, collaboration, customer satisfaction, and value delivery. One of the characteristics of agile is that it involves frequent and direct interaction with users throughout the software development life cycle, from requirements gathering to testing to deployment. Users are considered as key stakeholders who provide feedback, input, validation, verification, acceptance, and evaluation of the IT solutions. Users are also involved in prioritizing the features and functionalities of the IT solutions based on their needs and expectations. Agile aims to deliver IT solutions that meet user requirements and expectations in a timely and cost-effective manner.

Reference: COBIT 2019 Design Guide, page 43-45; COBIT 2019 Process Reference Guide: Governance and Management Objectives, page 67-69

An enterprise has hired a consultant to resolve the issue of multiple IT-enabled change initiatives frequently being delivered late and failing to meet business needs. Which of the following management objectives from the COBIT core model is BEST for the consultant to recommend for developing a governance and management system?

A. DSS03 Managed Problems
B. APO10 Managed Vendors
C. APO14 Managed Data
D. BAI11 Managed Projects

Suggested answer: D

Explanation:

The management objective BAI11 Managed Projects involves ensuring that IT-enabled change initiatives are delivered on time, within budget, and in accordance with stakeholder expectations. This management objective covers the activities of initiating, planning, executing, monitoring, controlling, and closing IT projects, as well as managing project risks, issues, quality, scope, resources, communications, and stakeholders. This management objective is best for the consultant to recommend for developing a governance and management system that can address the issue of multiple IT-enabled change initiatives frequently being delivered late and failing to meet business needs. By applying this management objective, the enterprise can improve its project governance and management capabilities, ensure alignment of IT projects with business strategy and objectives, enhance project performance and outcomes, and increase stakeholder satisfaction and value realization [1][2].

Reference: [1] COBIT 2019 Process Reference Guide: Governance and Management Objectives, page 77-79; [2] COBIT 2019 Implementation Guide, page 49-50

When tailoring a governance system for an enterprise, which of the following is MOST important to consider for an operating environment with a high compliance requirement?

A. Enterprise goals
B. Enterprise strategy
C. Threat landscape
D. Geopolitical situation

Suggested answer: C

Explanation:

The threat landscape is a design factor that describes the types and levels of threats that an enterprise faces from internal and external sources that could compromise its information and technology assets. The threat landscape helps to determine the level of security and resilience that an enterprise needs to protect its information and technology assets from unauthorized access, use, disclosure, modification, destruction, or disruption. When tailoring a governance system for an enterprise, one of the most important factors to consider for an operating environment with a high compliance requirement is the threat landscape. The compliance requirement is another design factor that describes the extent and nature of laws, regulations, standards, guidelines, contracts, or agreements that an enterprise must comply with regarding its information and technology activities. The compliance requirement influences the level of control and assurance that an enterprise needs to demonstrate its adherence to the applicable rules and obligations. By considering the threat landscape in relation to the compliance requirement, an enterprise can ensure that its governance system is appropriate for its risk profile and context, and that it can effectively manage the potential impacts of threats on its compliance status [3][4].

Reference: [3] COBIT 2019 Design Guide, page 41-43; [4] COBIT 2019 Design Guide, page 47-48

When tailoring COBIT 2019 to enterprise requirements, which of the following is the PRIMARY objective of preparing a risk profile?

A. To identify areas of risk that require mitigation
B. To identify areas of risk that cause technology disruption
C. To identify areas of risk that impact business continuity
D. To identify areas of risk that exceed risk appetite

Suggested answer: D

Explanation:

The risk profile is a design factor that describes how an enterprise identifies, assesses, responds to, monitors, and reports on information and technology risks. The risk profile helps to determine the level of risk appetite and tolerance that an enterprise has for its information and technology activities, as well as the level of control and assurance that is required for its governance framework. When tailoring COBIT 2019 to enterprise requirements, the primary objective of preparing a risk profile is to identify areas of risk that exceed risk appetite. The risk appetite is the amount and type of risk that an enterprise is willing to accept in pursuit of its objectives. The risk appetite provides a basis for defining the risk criteria, thresholds, indicators, and responses that will be used in the risk profile process. By identifying areas of risk that exceed risk appetite, an enterprise can prioritize its governance objectives, processes, practices, roles, structures, and metrics according to the level of risk exposure and impact. This will also help to align the governance framework with the enterprise's strategy and objectives.

Reference: COBIT 2019 Design Guide, page 41-43; COBIT 2019 Framework: Introduction and Methodology, page 28-29

Total 194 questions