A.  

Resource constraints related to implementing the digital strategy.

B.  

The business use cases supporting the digital strategy

C.  

Changes to the legacy business and data architectures

D.  

The history of fraud incidents and their root causes

A.  

identify business data that requires protection.

B.  

perform a risk analysis on key IT processes

C.  

implement controls to address high risk areas

D.  

ensure IT risk alignment with enterprise risk

A.  

Responding to and controlling all IT risk events

B.  

Communicating the enterprise risk management plan

C.  

Ensuring IT risk management is aligned with business risk appetite

D.  

Verifying that all business units have staff skilled at assessing risk

A.  

initiate the program using an implementation roadmap.

B.  

establish initiatives for business and managers.

C.  

acquire the resources that will be required.

D.  

communicate the program to stakeholders to gain consensus.

A.  

Build a governance framework for identifying non-standard processes.

B.  

Request funding from the CEO to hire ERP consultants.

C.  

Ask the CEO to be the sponsor of the program

D.  

Engage a reluctant business unit to conduct a proof-of-concept pilot.

A.  

Technology infrastructure

B.  

Risk appetite

C.  

Combined cost of operations

D.  

Enterprise architecture (EA) integration

A.  

the inclusion of mandatory training for remote device users.

B.  

an architectural review to determine appropriate solution design.

C.  

an assessment to determine if data privacy protection is addressed.

D.  

an update to the acceptable use policy.

A.  

Embed IT risk management strategies in service level agreements (SLAs).

B.  

Establish a committee to oversee the alignment of IT security in new businesses.

C.  

Incorporate IT security objectives to cover additional risks associated with new businesses.

D.  

Integrate IT risk assessment into the overall due diligence process.

A.  

Align IT objectives to the business procurement process.

B.  

Involve business in IT procurement decisions.

C.  

Establish a centralized procurement approval process.

D.  

Define roles and responsibilities through a RAG chart

A.  

Create a communication plan with risk owners.

B.  

Outsource infrastructure hosting.

C.  

Restrict and monitor user access.

D.  

Develop key risk indicators (KRIs) and action plans.

A.  

Define the risk mitigation strategy.

B.  

Assess the impact of each risk.

C.  

Establish a baseline for each initiative.

D.  

Select qualified personnel to manage the project.

A.  

Inconsistent customer service and reporting

B.  

Loss of data confidentiality

C.  

Lack of network availability

D.  

Inadequate business continuity planning

A.  

Update the enterprise architecture (EA).

B.  

Perform a business impact analysis (BIA.

C.  

Conduct a gap analysis.

D.  

Develop a communication plan to support the merger.

A.  

Reviewing IT design with business process managers

B.  

Reviewing business strategy with senior management

C.  

Mapping business processes within a framework

D.  

Aligning business objectives to organizational strategy

A.  

Ask business stakeholders to discuss their vision for the new strategy.

B.  

Cancel projects with a net present value (NPV) below a defined threshold.

C.  

Conduct a risk assessment against the potential new services.

D.  

Start re-allocating budget to projects involving mobile or cloud.

A.  

perform process modeling.

B.  

outsource infrastructure management.

C.  

develop a robust enterprise architecture (EA).

D.  

implement open source systems.

A.  

Information architect

B.  

Information analyst

C.  

Information steward

D.  

Information owner

A.  

Risk framework alignment

B.  

Local market common practices

C.  

Compliance with local regulations

D.  

Technical gaps among subsidiaries

A.  

Extract training requirements from deficiencies reported in customer service satisfaction surveys.

B.  

Ask managers to determine IT training requirements annually.

C.  

Determine training needs based on the capabilities to support the IT strategy.

D.  

Survey employees for IT skills requirements based upon technology trends.

A.  

Monitoring with key performance indicators (KPIs)

B.  

Implementation of data loss prevention (DLP) tools

C.  

Clear guidelines adopted by the business

D.  

Classification policy approval by the board

A.  

Incorporate compliance metrics into performance goals.

B.  

Review the relevance of existing policy.

C.  

Mandate awareness training for all mobile device users.

D.  

Implement controls to enforce the policy.

A.  

Established IT monitoring and measuring

B.  

Regularly scheduled governance training

C.  

Demonstrated management commitment

D.  

IT governance process manuals

A.  

ensure a risk process exists which addresses the risk appetite.

B.  

sustain investment in staff training regarding IT risk.

C.  

promote a benefits-driven culture throughout the enterprise.

D.  

maintain awareness of IT risk to the business.

A.  

Enterprise architecture (EA).

B.  

IT process mapping

C.  

Task management

D.  

Service level management

A.  

Data scientists

B.  

Data stewards

C.  

Data analysts

D.  

Data processors

A.  

Decrease spending on steady state and increase spending on modernization and enhancements.

B.  

Redefine the target architecture to define new technologies that can be incorporated into the infrastructure.

C.  

Create a new investment category for innovation that becomes a new way for tracking investment decisions.

D.  

Update the IT human resource management plan to require training and development for emerging technologies.

A.  

Cost considerations

B.  

Regulatory compliance

C.  

Resource alignment

D.  

Security breaches

A.  

evaluate the risk appetite for the new regulation.

B.  

define the risk tolerance for the new regulation.

C.  

determine if the new regulation introduces new risk.

D.  

assign a risk owner for the new regulation.

A.  

An IT balanced scorecard is used.

B.  

Business objectives are achieved.

C.  

Business objectives are defined.

D.  

IT processes are measured.

A.  

Asset retention policies

B.  

Information retention policies

C.  

Data archival policies

D.  

Data backup and restoration policies

A.  

Enforce change control procedures.

B.  

Conduct software quality audits

C.  

Review the application development life cycle.

D.  

Add change control to the risk register.

A.  

Potential legal penalties

B.  

Ethical concerns

C.  

Regulatory requirements

D.  

Data protection

A.  

Promoting responsibility throughout the enterprise for managing IT risk.

B.  

Increasing the enterprise's risk tolerance level and risk appetite.

C.  

Engaging executives in examining IT risk when developing policies.

D.  

Maintaining a complete and accurate risk registry to belief manage IT risk

A.  

Business data owners were not consulted.

B.  

The new policies Increase the cost of data backups.

C.  

Data backups will be hosted at third-party locations.

D.  

The retention period for data backups is Increased.

A.  

Poor desktop service delivery

B.  

Data retention

C.  

Redundant systems

D.  

Poor business decisions

A.  

reviewing current goals-based performance appraisals across the enterprise.

B.  

ranking employees across the enterprise based on their compensation.

C.  

ranking employees across the enterprise based on length of service.

D.  

retaining capable staff exclusively from the local market.

A.  

Internal audit has knowledge and technical expertise to advise on IT infrastructure.

B.  

Internal audit is accountable for the overall enterprise governance of IT.

C.  

Internal audit implements controls over IT risks and security.

D.  

Internal audit provides input on relevant issues and control processes.

A.  

Disciplinary actions

B.  

Regulatory requirements

C.  

Roles and responsibilities

D.  

Terms and definitions

A.  

Assess data security controls.

B.  

Review data logs.

C.  

Analyze data quality.

D.  

Verify data owners.

A.  

Benchmark risk framework against best practices.

B.  

Calculate financial impact for each IT risk finding.

C.  

Periodically review the IT risk register entries.

D.  

Integrate IT risk into enterprise risk management (ERM).

A.  

Prepare a business case.

B.  

Prepare a request for information (RFI),

C.  

Benchmarking.

D.  

Define a balanced scorecard.

A.  

When issuing requests for proposals (RFPs)

B.  

After an assessment of the current information architecture .

C.  

When developing service level agreements (SLAs)

D.  

During the initial vendor selection process

A.  

enforce consistent policy across the enterprise.

B.  

be applied in the same manner throughout the enterprise.

C.  

apply consistent target levels of maturity to processes.

D.  

be a component of enterprise governance.

A.  

Risk manager

B.  

Data owner

C.  

Lead legal counsel

D.  

Data custodian

A.  

trust among internal and external stakeholders.

B.  

employees act more responsibly.

C.  

corporate social responsibility.

D.  

legal and regulatory compliance.

A.  

IT steering committee

B.  

IT audit department

C.  

Portfolio management office

D.  

Program management office

A.  

Conduct quarterly audits and adjust reporting based on findings.

B.  

Establish a standard process for providing feedback.

C.  

Rely on IT leaders to advise when adjustments should be made.

D.  

Issue frequent service level satisfaction surveys.

A.  

IT steering committee

B.  

Chief information officer (CIO)

C.  

Chief compliance officer

D.  

Project management office (PMO)

A.  

Number of IT employees attending security training sessions

B.  

Results of application security testing

C.  

Number of reported security incidents

D.  

Results of application security awareness training quizzes

A.  

Complete inventory of enterprise data

B.  

Implementation of a breach notification process

C.  

Accurate classification of enterprise data

D.  

Robust enterprise policy related to data retention

A.  

Requiring the enterprise architecture (EA) be updated

B.  

Validating that the balanced scorecard is still meaningful

C.  

Ensuring IT will operate at a lower cost than the vendor

D.  

Ensuring a change management plan is in place

A.  

implement knowledge management practices

B.  

Establish a mentoring program for IT staff

C.  

Determine key risk indicators (KRIs)

D.  

Retain key staff as consultants.

A.  

language differences.

B.  

the use of international standards.

C.  

the impact of cultural changes.

D.  

globally recognized good practices.

A.  

Conduct an enterprise risk assessment.

B.  

Implement a cross-training program.

C.  

Assign resources based on business priorities.

D.  

Assign resources based on risk appetite.

A.  

Investment services board review

B.  

Net present value {NPV) calculation

C.  

Risk assessment results

D.  

Cost-benefit analysis results

A.  

Update the information architecture

B.  

Revise the IT strategic plan

C.  

Implement data loss prevention (DLP)

D.  

Establish new IT key risk indicators (KRIs)

A.  

Principles and policies

B.  

Roles and responsibilities

C.  

Risk tolerance levels

D.  

Organizational culture

A.  

Employee performance metrics

B.  

Project risk reports

C.  

Gap analysis results

D.  

Training program statistics

A.  

Acceptable use policy

B.  

Risk register

C.  

Ethics standards

D.  

Change management policy

A.  

Process owners

B.  

Risk management team

C.  

Internal auditors

D.  

Executive management

A.  

Mitigate and track data-related issues and risks.

B.  

Modify legal and regulatory data requirements.

C.  

Define data protection and privacy practices.

D.  

Assess the information governance framework.