Home

Home / Isaca / CGEIT

Question list

List of questions

Question 1

(0)

A newly established IT steering committee is concerned whether a system is meeting availability objectives. Which of the following will provide the BEST information to make an assessment?

Question 2

(0)

Which of the following is the BEST method to monitor IT governance effectiveness?

Question 3

(0)

A newly established IT steering committee is concerned whether a system is meeting availability objectives. Which of the following will provide the BEST information to make an assessment?

Question 4

(0)

An IT audit reveals inconsistent maintenance of data privacy in enterprise systems primarily due to a lack of data sensitivity categorizations. Once the categorizations are defined, what is the BEST

Question 5

(0)

A new and expanding enterprise has recently received a report indicating 90% of its data has been collected in just the last six months, triggering data breach and privacy concerns. What should be t

Question 6

(0)

An enterprise is planning to replace multiple enterprise resource planning (ERP) systems at various regions with one company-wide ERP system. The main objective of this change is to achieve economie

Question 7

(0)

While monitoring an enterprise's IT projects portfolio, it is discovered that a project is 75% complete, but all budgeted resources have been expended. Which of the following is the MOST important t

Question 8

(0)

Six months ago, an enterprise's CIO reorganized IT to improve service delivery to the business. Which of the following would BEST demonstrate the effectiveness of the reorganization?

Question 9

(0)

An enterprise is evaluating a possible strategic initiative for which IT would be the main driver. There are several risk scenarios associated with the initiative that have been identified. Which of

Question 10

(0)

Enterprise IT has overseen the implementation of an array of data services with overlapping functionality leading to business inefficiencies. Which of the following is the MOST likely cause of this

Open VPLUS File

Convert VPLUS to PDF

Related questions

Results of an enterprise's customer survey indicate customers prefer using mobile applications. However, this same survey shows the enterprise's mobile applications are considered inferior compared to legacy browser-based applications. Which of the following should be the FIRST step in creating an effective long-term mobile application strategy?

Which of the following is the MOST important consideration when integrating a new vendor with an enterprise resource planning (ERP) system?

An enterprise is planning a transformation initiative by leveraging emerging technology that will have a significant impact on existing products and services Which of the following is the BEST way for IT to prepare for this change?

An organization's board of directors has questioned the value provided by IT key performance indicators (KPIs). Which of the following is the BEST way to determine whether the KPIs adequately support organizational objectives?

Acceptance of an enterprise's newly implemented IT governance initiatives has been resisted by a functional group requesting more autonomy over technology choices. Which of the following is MOST important to accommodate this need for autonomy?

A regulatory audit assessed an enterprise's main transactional application as noncompliant. In addition to fines and required corrections, an agreement was reached to implement a set of governance controls over IT. Accountability for these controls is BEST assigned to which of the following?

Which of the following BEST enables an enterprise to determine how business expectations should be addressed in a governance program?

Which of the following decisions would be made by the IT strategy committee?

A CIO is concerned with the potential of vendor system failures that could cause a large amount of unintended system downtime. To determine how to prepare for this concern, what is MOST important for the CIO to review?

Which of the following is MOST important for a data steward to verify when a system's data is edited by an automated tool to fix an incident?

Question 514 - CGEIT discussion

Report

Which of the following is necessary for effective risk management in IT governance?

A.

Risk evaluation is embedded in the management processes.

B.

IT risk management is separate from enterprise risk management (ERM).

C.

Local managers are solely responsible for risk evaluation.

D.

Risk management strategy is approved by the audit committee.

Suggested answer: A

Explanation:

Effective risk management in IT governance requires that risk evaluation is embedded in the management processes of the organization. This means that risk evaluation is not a separate or isolated activity, but rather an integral part of the planning, execution, monitoring, and reporting of IT activities and initiatives. Embedding risk evaluation in the management processes can help:

Identify and assess the potential threats and opportunities that may affect the achievement of IT and business objectives

Align the IT risk appetite and tolerance with the enterprise risk appetite and tolerance

Prioritize and allocate the resources and actions to address the risks based on their impact and likelihood

Monitor and report the risk performance and outcomes in relation to the IT value drivers and benefits

Embed the risk culture and awareness across the organization

According to the CGEIT Review Manual 2022, 'Risk evaluation should be embedded in management processes.Risk evaluation should be performed as part of planning, executing, monitoring and reporting activities.'1

According to the ISACA article on Risk Management: A Driver for Value Creation2, ''Risk management should be embedded into all business processes. It should be part of strategic planning, project management, change management, performance management, etc.''

According to the NIST article on Staging Cybersecurity Risks for Enterprise Risk Management and Governance3, ''Embedding cybersecurity risk management into enterprise risk management (ERM) processes can help organizations better understand their cybersecurity risks, prioritize them based on their potential impact on business objectives, and allocate resources accordingly.''

Show Answer

asked 18/11/2024

pedro blanco

27 questions

User

Your answer: A B C D

0 comments

Sorted by

Leave a comment first