A.  

The business manager

B.  

The help desk

C.  

The CIO

D.  

The business continuity vendor

A.  

The database is deployed in a distributed processing platform

B.  

The information architecture incorporates data classification

C.  

Customer profiles are stored with a domestic service provider

D.  

The integrity of sensitive information is periodically reviewed

A.  

IT balanced scorecard

B.  

Net present value (NPV).

C.  

IT delivery time metrics

D.  

Total cost of ownership (TCO)

A.  

ensures IT effectively meets future business needs,

B.  

provides a foundation for measuring IT performance,

C.  

improves the ability to allocate IT resources

D.  

establishes enterprise performance metrics per service

A.  

Business and compliance requirements

B.  

Business storage and processing needs

C.  

Backup and restoration capabilities

D.  

External customer data retention requirements

A.  

Update the IT resource management plan.

B.  

Revise IT strategic objectives.

C.  

Update IT employee compensation packages.

D.  

Mandate the use of employee contracts.

A.  

IT-related regulatory requirements

B.  

Enterprise IT strategy

C.  

Enterprise IT risk assessment

D.  

IT balanced scorecard

A.  

Require an information risk assessment.

B.  

Identify systems that are outsourced.

C.  

Ensure information is classified.

D.  

Require an inventory of information assets.

A.  

Enterprise architecture (EA)

B.  

IT risk register

C.  

Balanced scorecard measures

D.  

IT strategic plan

A.  

key information for IT service level management.

B.  

reference models to align IT with business.

C.  

IT standards for application development

D.  

business information for IT capacity planning.

A.  

Resource management plan

B.  

RACl chart

C.  

Risk management plan

D.  

Risk register

A.  

develop a responsible, accountable, consulted and informed (RACI) chart

B.  

assign appropriate roles and responsibilities

C.  

perform a gap analysis

D.  

identify outsourcing opportunities

A.  

Ensure the use of a business case

B.  

Review business goals.

C.  

Establish an IT balanced scorecard.

D.  

Highlight the risk the new technology will address.

A.  

Include data assets in the IT inventory.

B.  

Identify data owners across the enterprise.

C.  

Require enterprise risk assessments.

D.  

Implement enterprise data governance.

A.  

Establish key performance indicators (KPIs).

B.  

Establish key risk indicators (KRIs).

C.  

Schedule ongoing audit reviews.

D.  

Implement service level agreements (SLAs)

A.  

a RACI chart.

B.  

an organizational breakdown structure.

C.  

a work breakdown structure.

A.  

Key risk indicators (KRIs)

B.  

Scenario-based assessment

C.  

Business impact analysis (BIA)

D.  

Qualitative forecasting

A.  

Cost-benefit analysis

B.  

Contract management office

C.  

Service level agreements (SLAs)

D.  

Procurement framework

A.  

Request an action plan from the risk team.

B.  

Determine whether the board wants to comply with the regulation.

C.  

Update the risk management framework.

D.  

Assess the risk associated with the new regulation.

A.  

Use a balanced scorecard to track the business process.

B.  

Ensure the appropriate involvement Of the legal department.

C.  

Review and revise the business architecture.

D.  

Seek approval from the change management board.

A.  

It enables achievement of service level agreements (SLAs).

B.  

It addresses key stakeholder requirements.

C.  

It ensures compliance with regulations.

D.  

It supports IT strategic goals.

A.  

Existing performance and capacity plans

B.  

A list of current and planned IT projects

C.  

Historical IT budget allocations

D.  

The enterprise SWOT analysis

A.  

perform process modeling.

B.  

outsource infrastructure management.

C.  

develop a robust enterprise architecture (EA).

D.  

implement open-source systems.

A.  

Benefits of IT governance are realized throughout the organization.

B.  

There is awareness of IT metrics throughout the organization.

C.  

IT governance defines how IT projects should be assessed.

D.  

IT performance metrics are defined in the balanced scorecard.

A.  

Review the quality framework.

B.  

Perform a SWOT analysis.

C.  

Review service outage reports.

D.  

Perform a quality audit.

A.  

Update the risk management framework

B.  

Determine whether the board wants to comply with the regulation

C.  

Assess the risk associated with the new regulation

D.  

Request an action plan from the risk team

A.  

Identifying the risk of noncompliance

B.  

Demonstrating sound risk management practices

C.  

Measuring IT alignment with enterprise risk management (ERM)

D.  

Ensuring the effectiveness of IT compliance controls

A.  

Develop key performance indicators (KPIs).

B.  

Communicate to stakeholders

C.  

Analyze the business strategy.

D.  

Review the IT resource plan.

A.  

Has the impact to the enterprise architecture (EA) been assessed?

B.  

Has the investment portfolio been revised?

C.  

Have key stakeholders been consulted?

D.  

Have IT risk metrics been adjusted?

A.  

Incorporate compliance metrics into performance goals.

B.  

Review the relevance of existing policy.

C.  

Mandate awareness training for all mobile device users.

D.  

Implement controls to enforce the policy.

A.  

The IT service delivery model is approved by the business.

B.  

An IT risk management process is in place.

C.  

IT is able to provide a comprehensive service catalog to the business.

D.  

The IT organization is able to sustain business requirements.

A.  

ensure a risk process exists which addresses the risk appetite.

B.  

sustain investment in staff training regarding IT risk.

C.  

promote a benefits-driven culture throughout the enterprise.

D.  

maintain awareness of IT risk to the business.

A.  

Enterprise architecture (EA)

B.  

Risk assessment report

C.  

Business user satisfaction metrics

D.  

Audit findings

A.  

A re-prioritization of IT projects to address critical needs

B.  

Updating the RACI chart to establish responsibility

C.  

The hiring of additional staff to cope with the demand

D.  

An assessment of the capacity of current resources

A.  

Assess the reporting delivery process.

B.  

Negotiate an exception process with the regulator.

C.  

Automate the reporting process.

D.  

Evaluate the implications of risk acceptance.

A.  

Implement a balanced scorecard for the IT project portfolio.

B.  

Establish a portfolio manager role to monitor and control the IT projects.

C.  

Require business cases to have product life cycle information.

D.  

Mandate an enterprise architecture (EA) review with business stakeholders.

A.  

Value delivery

B.  

Resource utilization

C.  

Residual risk

D.  

Project delivery

A.  

Established IT key performance indicators (KPIs)

B.  

IT staff training program requirements

C.  

External IT staffing benchmarks

D.  

An updated business case for IT resourcing

A.  

Clarify the cause-and-effect relationship of the strategy

B.  

Monitor whether the chosen strategy is successful

C.  

Understand how the strategy will be achieved

D.  

Demonstrate commitment to IT governance

A.  

Establish an incident reporting system and hotline.

B.  

Require automation of incident reporting to agencies.

C.  

Establish a cybersecurity incident manager role.

D.  

Understand requirements and definitions for reportable incidents.

A.  

Balanced scorecard

B.  

Milestone chart

C.  

Performance management

D.  

Critical risk and issue walk through

A.  

Information availability is improved.

B.  

Operational costs are maintained.

C.  

Compliance with regulatory requirements is ensured.

D.  

Overall costs are optimized.

A.  

It improves communication with senior management and the business.

B.  

It ensures the adoption of enterprise data quality standards.

C.  

It enables the tracing of data to business functions.

D.  

It facilitates appropriate access to data consumers.

A.  

Corporate culture

B.  

Threats to corporate information

C.  

Utilization of cloud-based applications

D.  

Geographically dispersed staff

A.  

Service level agreements (SLAs) for outsourced IT initiatives

B.  

Total IT spend from all current IT initiatives

C.  

Realization of benefits in the business case

D.  

IT strategy risk metrics related to critical services and projects

A.  

Determining risk thresholds that the enterprise can sustain

B.  

Preparing business continuity and resiliency plans

C.  

Providing a means to effectively manage stakeholders

D.  

Monitoring strategic plans to reach the desired target state

A.  

Define a risk mitigation strategy.

B.  

Update the acceptable use policy.

C.  

Research competitor usage of similar devices.

D.  

Assess the risk associated with the device.

A.  

Risk appetite of the enterprise.

B.  

Possible investment failures.

C.  

Risk management framework.

D.  

Value obtained with minimum risk.

A.  

Seek exemption from the appropriate regulatory body

B.  

Perform an impact analysis and update the business case

C.  

Submit the project to the IT steering committee for reapproval

D.  

Rescope the project to remove work impacted by the regulation

A.  

Remove applications that are not aligned with the information architecture.

B.  

Review the information classification and retention policies.

C.  

Review the information architecture.

D.  

Assess current information ownership.

A.  

Establishing an audit committee that reports to the board

B.  

Establishing roles and responsibilities for IT risk at the senior management level

C.  

Identifying the lowest IT risks and outsourcing the related IT functions

D.  

Assigning a project sponsor and project manager to implement an IT risk register

A.  

Review the data classification policy and relevant documentation

B.  

Terminate contracts with suppliers from sanctioned regions of the world

C.  

Require nondisclosure agreements (NDAs) from all suppliers

D.  

Integrate supply chain cyber risk management processes

A.  

Skills and competencies

B.  

Principles and policies

C.  

Corporate culture

D.  

Business processes

A.  

Information custodian

B.  

Information steward

C.  

Information analyst

D.  

Information owner

A.  

the executive team.

B.  

the internal auditors.

C.  

senior IT managers.

D.  

business process owners.

A.  

Product compliance criteria

B.  

Patient training

C.  

Physical security audits

D.  

Vendor delivery timelines

A.  

To justify spending on IT projects

B.  

To promote transparency to stakeholders

C.  

To ensure other departments are aligned with the direction set by IT

D.  

To inform business units of IT department achievements

A.  

Mandate IT staff training.

B.  

Request an IT balanced scorecard.

C.  

Require a cost-benefit analysis.

D.  

Allocate funding for the initiatives.

A.  

Defining clear roles and responsibilities for the participants

B.  

Using a comprehensive business case for the initiative

C.  

Communicating the planned IT strategy to stakeholders

D.  

Addressing the behavioral and cultural aspects of change

A.  

recommendation Of business owners.

B.  

alignment with IT architecture.

A.  

Standardization

B.  

Replication

C.  

Segregation

D.  

Sanitization

A.  

A SWOT analysis

B.  

An incentive and retention program

C.  

A root cause analysis

D.  

An aggressive talent acquisition program

A.  

Engage the business user community in acceptance testing Of acquired applications.

B.  

Engage stakeholders to identify and validate business requirements.

C.  

Establish a process for risk and value management.

D.  

Prohibit the use of non-approved alternate software solutions.

A.  

Device vulnerabilities

B.  

Technology integration

C.  

Device performance

D.  

Technology obsolescence

A.  

File a report with the local law enforcement agency.

B.  

Report the concern to the ethics hotline.

C.  

Discuss the concern with the chair directly.

D.  

Conduct an investigation to substantiate the chair’s activities.

A.  

Implement a release and deployment plan

B.  

Ask the application owner to update the risk register

C.  

Create a baseline configuration of the new application

D.  

Perform user acceptance testing (UAT)

A.  

Addressing gaps within the management of IT-related risk

B.  

Focusing on business innovation through knowledge, expertise, and initiatives

C.  

Calibrating and scaling delivery Of IT services in line with business requirements

D.  

Adhering to on-time and on-budget IT service delivery

A.  

Business value creation

B.  

Stakeholder satisfaction

C.  

Maintenance of IT operations

D.  

Support for corporate customers

A.  

Business impact analysis (BIA)

B.  

End-user feedback

C.  

Centralized log analysis

D.  

Service level requirements

A.  

Develop a business case for the program portfolio.

B.  

Evaluate key performance indicator (KPI) results.

C.  

Benchmark the IT governance framework to industry best practice.

D.  

Review results of IT audit reports.

A.  

Update resource allocation policies.

B.  

Issue a formal request for proposal (RFP) to outsourcing vendors.

C.  

Establish service-level metrics for outsourced activities.

D.  

Conduct a cost-benefit analysis for outsourcing.

A.  

Mandate technical training related to the IT objectives.

B.  

Have business leaders present their departments' objectives.

C.  

Include relevant IT goals in individual performance objectives.

D.  

Request a progress review of IT objectives by internal audit.

A.  

recommend blocking access to social media.

B.  

review current level of social media usage.

C.  

initiate an assessment of the impact on the business.

D.  

reassess the enterprise's bring your own device (BYOD) policy.

A.  

Enterprise strategic plan

B.  

Enterprise architecture (EA) alignment

C.  

Enterprise risk appetite

D.  

Business impact analysis (BIA) results

A.  

Information security

B.  

Project management office (PMO)

C.  

Quality assurance (QA)

D.  

Internal audit

A.  

Proactively reduce after-hours operations

B.  

Pursue acquisition of surrounding properties

C.  

Wait for a formal complaint to be filed

D.  

Seek input from appropriate stakeholders

A.  

Perform a program benefit calculation and review the project selection methodology

B.  

Suspend funding until project managers from better-performing regions can be assigned

C.  

Perform an independent review of business cases for each current and proposed project in the region

D.  

Work with the region's leadership to better understand why the situation has occurred

A.  

The enterprise risk appetite

B.  

Key performance metrics

C.  

Risk mitigation strategies

D.  

Enterprise architecture (EA) components

A.  

Reviewing the information governance framework

B.  

Selecting best-of-breed cloud offerings

C.  

Updates the enterprise architecture (EA) repository

D.  

Conducting IT staff training to manage cloud workloads

A.  

Payback period

B.  

Cost-benefit analysis

C.  

Net present value (NPV)

D.  

Internal rate of return (IRR)

A.  

Independent audit results

B.  

Historical service level agreements (SLAs)

C.  

Benchmarking analysis results

A.  

Require management to present a comprehensive list of risks.

B.  

Require the implementation of a security incident and event management (SIEM) tool.

C.  

Review the key risk indicators (KRIs) on a regular basis.

D.  

Focus on key performance indicators (KPIs) that predict future business performance.

A.  

Improve value of successful IT projects.

B.  

Increase transparency of value to the enterprise.

C.  

Assist top management in approving IT projects.

D.  

Optimize value to the enterprise.

A.  

It automates project progress reporting to business executives.

B.  

It provides a measure of project progress that is easy to understand.

C.  

It eliminates potential risks related to project earnings.

D.  

It enables accurate forecasts of the number of blocks to be completed.

A.  

Benchmark IT performance.

B.  

Identify gaps in performance.

C.  

Support impact analysis.

D.  

Identify gaps in capability.

A.  

Balanced scorecard

B.  

Control self-assessment (CSA)

C.  

Gap analysis

D.  

Audit reports

A.  

Develop a resource strategy as part of program management.

B.  

Prioritize program requirements based on existing resources.

C.  

Implement resource planning for each IT project.

D.  

Manage resources as part of the portfolio strategy.

A.  

Implement service level agreements (SLAs).

B.  

Establish key performance indicators (KPIs).

C.  

Schedule ongoing audit reviews.

D.  

Establish key risk indicators (KRIs).

A.  

The business created an analytics model based on historical records.

B.  

There is a high probability that the enterprise will enter into litigation.

C.  

New data privacy regulations are expected in a few months.

D.  

A core system database is going through an upgrade.

A.  

Revise the procurement and vendor risk management policies.

B.  

Conduct a root cause analysis and remediate based on findings.

C.  

Document the critical success factors (CSFs) for the procurement policies.

D.  

Establish and communicate strict penalties for biased vendor selection.

A.  

Testing the vendor resiliency plan annually

B.  

Protecting the enterprise from labor liability

C.  

Ensuring the vendor meets corporate requirements

D.  

Monitoring key performance indicators (KPIs)

A.  

Form a team to update EA regularly.

B.  

Require EA review at key milestones.

C.  

Publish and train on the EA document.

D.  

Adopt a globally recognized EA framework.

A.  

Developing data modeling tools

B.  

Managing the challenge of change

C.  

Reducing the cost of IT investments

D.  

Establishing key performance indicators (KPIs)

A.  

Prepare a business case.

B.  

Prepare a request for information (RFI),

C.  

Benchmarking.

D.  

Define a balanced scorecard.

A.  

Develop a contracting template for solution procurement.

B.  

Conduct a thorough assessment of the vendor's security practices.

C.  

Select an industry-recognized solution used by a benchmarked enterprise.

D.  

Develop a comprehensive list of required features.

A.  

the inclusion of mandatory training for remote device users.

B.  

an architectural review to determine appropriate solution design.

C.  

an assessment to determine if data privacy protection is addressed.

D.  

an update to the acceptable use policy.

A.  

Performance of incident response

B.  

Continuous monitoring

C.  

Key risk indicators (KRIs)

D.  

Compliance with internal controls

A.  

CIO

B.  

Internal audit director

C.  

Application users

D.  

The board of directors

A.  

An analysis of the current enterprise risk appetite

B.  

An earned value analysis (EVA) of the implementation

C.  

A risk assessment of the implementation

D.  

A review of lessons learned from previous implementations

A.  

IT risk appetite

B.  

Enterprise project management framework

C.  

IT investment portfolio

D.  

Information systems architecture

A.  

Establish service level agreements (SLAs) with the development team.

B.  

Identify key risks and mitigation strategies for mobile applications.

C.  

Implement key performance indicators (KPIs) that include application quality.

D.  

Identify business requirements concerning mobile applications.

A.  

Establish a change management process.

B.  

Obtain top management support and ownership.

C.  

Ensure compliance with corporate policy.

D.  

Benchmark against best practices.

A.  

Cost management

B.  

IT strategic sourcing

C.  

Standardization

D.  

Business agility

A.  

Update the ERP business case and re-evaluate the ROI.

B.  

Cancel the ERP transformation and re-allocate project funds.

C.  

Adjust the ERP implementation plan and budget.

D.  

Continue with the ERP migration according to plan.

A.  

Establish a resource management framework.

B.  

Evaluate the operational requirements of the business stakeholders.

C.  

Identify key performance indicators (KPIs).

D.  

Require operational management be identified in the business case.

A.  

Demonstrating the effectiveness of IT risk policies

B.  

Assessing the current IT controls model

C.  

Enabling comparison against similar IT KRIs

D.  

Increasing the probability of achieving IT goals

A.  

Schedule an interim project review.

B.  

Request a risk assessment.

C.  

Re-evaluate the project in the portfolio.

D.  

Request an update to the business case

A.  

Process framework

B.  

Service delivery process model

C.  

Objectives and metrics

D.  

IT process assessment

A.  

mandating board-approved enterprise risk management (ERM) modifications.

B.  

requiring the establishment of an enterprise risk management (ERM) framework.

C.  

requiring the establishment of an enterprise-wide program management office.

D.  

ensuring the cost-effectiveness of the internal control system.

A.  

The business leader who is most impacted by the loss of data.

B.  

The risk manager who is responsible for protecting data stored in the cloud.

C.  

The contract manager who monitors the security of the cloud provider.

D.  

The vendor who submits the data to the organization via online forms

A.  

Key risk indicators (KRIs)

B.  

IT environment threat modeling

C.  

Business impact analysis (BIA) report

D.  

Recovery time objectives (RTOs)

A.  

Identifying gaps in information asset protection

B.  

Defining data archiving and retrieval policies

C.  

Recruiting and training qualified IT security staff

D.  

Modernizing internal IT security practices

A.  

Implement performance indicators.

B.  

Evaluate the change management process.

C.  

Establish code peer reviews.

D.  

Evaluate the quality assurance process.

A.  

Factoring in the effects of enterprise culture

B.  

Using subject matter experts

C.  

Using industry-accepted practices

D.  

Complying with regulatory requirements

A.  

Risk framework alignment

B.  

Local market common practices

C.  

Compliance with local regulations

D.  

Technical gaps among subsidiaries

A.  

Interface issues between enterprise and Bl applications

B.  

Large volumes of data fed from enterprise applications

C.  

The need for staff to be trained on the new Bl tool

D.  

Data definition and mapping sources from applications

A.  

Perform a risk assessment on potential outsourcing.

B.  

Update the enterprise architecture (EA) with the new technology.

C.  

Review the IT balanced scorecard for sourcing opportunities.

D.  

Assess the gap between current and required staff competencies.

A.  

IT principles and policies

B.  

IT balanced scorecard

C.  

IT governance framework

D.  

IT goals and objectives

A.  

reviewing current goals-based performance appraisals across the enterprise.

B.  

ranking employees across the enterprise based on their compensation.

C.  

ranking employees across the enterprise based on length of service.

D.  

retaining capable staff exclusively from the local market.

A.  

Interviewing senior management

B.  

Evaluating the balanced scorecard

C.  

Reviewing recent audit findings

D.  

Assessing social media adoption

A.  

Mitigate and track data-related issues and risks.

B.  

Modify legal and regulatory data requirements.

C.  

Define data protection and privacy practices.

D.  

Assess the information governance framework.

A.  

Reviewing IT design with business process managers

B.  

Reviewing business strategy with senior management

C.  

Mapping business processes within a framework

D.  

Aligning business objectives to organizational strategy

A.  

Employee nondisclosure agreement

B.  

Enterprise risk appetite statement

C.  

Enterprise acceptable use policy

D.  

Orientation training materials

A.  

Core legacy systems are not fully integrated with enterprise IT systems.

B.  

Business users are not able to decide upon IT service levels to be provided.

C.  

Increasing complexity of core business and IT processes have led to dramatic increasing costs.

D.  

The business strategy requires significant IT resource scalability over the next five years.

A.  

Revising the business $ balanced store card

B.  

Updating the business risk profile

C.  

Changing the IT steering committee charter

D.  

Calculating the cost of the current solution

A.  

insufficient information architecture

B.  

Ineffective project management

C.  

An outdated service level agreement (SLA)

D.  

An incomplete cost-benefit analysis

A.  

Develop a responsible, accountable, consulted, and informed (RACI) chart.

B.  

Create an effective recruitment, retention, and training program.

C.  

Commit to the board performance metrics and bonus structure.

D.  

Develop personnel requirements for third-party assurance.

A.  

A high percentage of business owners involved with the approval of the IT strategic plan

B.  

A high percentage of IT systems complying with corporate information security standards

C.  

A high percentage of IT projects delivered on time and on budget

D.  

A high percentage of IT investments delivering expected benefits

A.  

Service level targets align with business requirements.

B.  

Employee-owned devices will be covered by the service.

C.  

The MDM services are delivered via a cloud.

D.  

Technology-owned devices will be covered by the service

A.  

Assess each project's impact on the enterprise's investment plan.

B.  

Select IT projects that will best support the enterprise's mission.

C.  

Analyze IT investments based on past data.

D.  

Analyze the risks and benefits of the investment for each IT project.

A.  

Ensure that IT drives business goals

B.  

Analyze benchmarking data

C.  

Understand the current vision

D.  

Perform a business impact analysis (BIA)

A.  

Cost savings and human resource optimization

B.  

Business value and customer satisfaction

C.  

IT risk identification and mitigation

D.  

Comprehensive IT policies and procedures

A.  

An IT project roadmap

B.  

An IT risk management program

C.  

A change management program

D.  

A service delivery framework

A.  

measure financial results.

B.  

measure all areas.

C.  

are approved by the stakeholders.

D.  

contain objective measures.

A.  

Program manager

B.  

IT steering committee chair

C.  

CIO

D.  

Business sponsor

A.  

evaluate the risk appetite for the new regulation.

B.  

define the risk tolerance for the new regulation.

C.  

determine if the new regulation introduces new risk.

D.  

assign a risk owner for the new regulation.

A.  

Service level management

B.  

Balanced scorecard

C.  

Risk control self-assessment (CSA)

D.  

SWOT analysis

A.  

Performance

B.  

Repeatability

C.  

Scalability

D.  

Optimization

A.  

Share concerns with the legal department.

B.  

Request a meeting with the board.

C.  

Engage an independent cost-benefit analysis.

D.  

Request an internal audit review of the board's decision.

A.  

Enterprise risk appetite and tolerance

B.  

Risk management and control frameworks

C.  

Continuous improvement plans

D.  

A process maturity framework and documented procedures

A.  

establish project controls and monitoring objectives.

B.  

perform an objective analysis of the project roadmap.

C.  

establish the objectives and expected benefits.

D.  

specify quantitative measures for solution delivery.

A.  

Document the competitor's governance structure.

B.  

Ensure that the competitor understands significant IT risks.

C.  

Assess the status of the risk profile of the competitor.

D.  

Determine whether the competitor is using industry-accepted practices.

A.  

Requiring the enterprise architecture (EA) be updated

B.  

Validating that the balanced scorecard is still meaningful

C.  

Ensuring IT will operate at a lower cost than the vendor

D.  

Ensuring a change management plan is in place

A.  

Enterprise architecture (EA)

B.  

Enterprise risk framework

C.  

IT service management

D.  

IT project roadmap

A.  

Implement controls to block the installation of unapproved applications.

B.  

Educate the executive team about the risk associated with shadow IT applications.

C.  

Provide training to the help desk to identify shadow IT applications.

D.  

Review and update the application implementation process.

A.  

Deliver prioritization and facilitation training.

B.  

Implement a performance management framework.

C.  

Create an IT portfolio management risk framework.

D.  

Develop and communicate an accountability matrix.

A.  

earned value management.

B.  

quality management,

C.  

resource management.

D.  

risk management

A.  

Conduct quarterly audits and adjust reporting based on findings.

B.  

Establish a standard process for providing feedback.

C.  

Rely on IT leaders to advise when adjustments should be made.

D.  

Issue frequent service level satisfaction surveys.

A.  

Incorporate an organizational change management program.

B.  

Establish "Reward and Recognition" efforts to boost employee morale.

C.  

Improve the system development life cycle (SDLC) process.

D.  

Assess current business and IT competencies.

A.  

calculation of the total cost of ownership.

B.  

periodic review of the business case.

C.  

periodic measurement of the project slip rate.

D.  

calculation of the net present value (NPV).

A.  

Standardize data classification processes throughout the enterprise.

B.  

Incorporate enterprise privacy categorizations into contracts.

C.  

Require business impact analyses (BIAs) for enterprise systems.

D.  

Reassess the data governance policy.

A.  

Review the IT investments.

B.  

Reorganize the IT projects portfolio.

C.  

Re-evaluate the business case.

D.  

Review the IT governance structure.

A.  

Business dependency assessment

B.  

Business process analysis

C.  

Business case evaluation

D.  

Business impact analysis (BIA)

A.  

Monitor new key risk indicators (KRIs).

B.  

Measure return on IT investments against balanced scorecards.

C.  

Review and update the portfolio management process.

D.  

Map IT programs to business goals.

A.  

Assign individuals responsibilities and accountabilities for management of risks.

B.  

Make staff aware of the risks in their area and risk management techniques.

C.  

Provide financial resources for risk management systems.

D.  

Document procedures and reporting processes.

A.  

Requesting periodic third-party assessments of the system throughout its life

B.  

Obtaining long-term support commitments from the system platform vendors)

C.  

Obtaining independent assurance that the system will conform to future business requirements

D.  

Ensuring that the system is maintained in compliance with enterprise architecture (EA) standards

A.  

initiate the program using an implementation roadmap.

B.  

establish initiatives for business and managers.

C.  

acquire the resources that will be required.

D.  

communicate the program to stakeholders to gain consensus.

A.  

Establishment of an IT steering committee

B.  

Standards-based reference architecture and design specifications

C.  

Establishment of standard vendor and technology designations

D.  

Design of policies and procedures

A.  

Business data owners were not consulted.

B.  

The new policies Increase the cost of data backups.

C.  

Data backups will be hosted at third-party locations.

D.  

The retention period for data backups is Increased.

A.  

Inconsistent categories of vulnerabilities

B.  

Conflicting interpretations of risk levels

C.  

Inconsistent data classification

D.  

Lack of strategic IT alignment

A.  

key business objectives.

B.  

industry standard key performance indicators (KPIs).

C.  

portfolio prioritization criteria.

D.  

IT risk policies.

A.  

Data encryption tools

B.  

Data loss prevention tools

C.  

Data classification policy

D.  

Data retention policy

A.  

Acceptable use policy

B.  

Risk register

C.  

Ethics standards

D.  

Change management policy

A.  

enforce consistent policy across the enterprise.

B.  

be applied in the same manner throughout the enterprise.

C.  

apply consistent target levels of maturity to processes.

D.  

be a component of enterprise governance.

A.  

Balanced scorecard

B.  

Capability maturity levels

C.  

Performance indicators

D.  

Critical success factors (CSFs)

A.  

Number of failed software updates on mobile devices

B.  

Percentage of incomplete transactions

C.  

Failure rate of point-of-sale systems

D.  

Total volume of suspicious transactions

A.  

Establishing data retention procedures

B.  

Training technicians on acceptable use policy

C.  

Minimizing the impact of hospital operation disruptions on patient care

D.  

Protecting personal health information

A.  

system life cycle management.

B.  

asset classification.

C.  

vendor management

D.  

vulnerability management.

A.  

Each business unit has its own steering committee for IT investment and prioritization.

B.  

Uniform portfolio management is in place throughout the business units.

C.  

IT is the exclusive provider of IT services to the business units.

D.  

The enterprise's CIO is a member of the executive committee.

A.  

Ensuring fair and consistent vendor management practices

B.  

Providing equal opportunities to employees

C.  

Protecting stakeholders' interests

D.  

Complying with legal and regulatory requirements

A.  

Business impact analysis (BIA)

B.  

Cost-benefit analysis

C.  

Enterprise risk analysis

D.  

Stakeholder analysis

A.  

Require employees to read and sign a disclaimer.

B.  

Develop and disseminate an applicable policy.

C.  

Post awareness messages throughout the facility.

D.  

Provide training on how to protect data on personal devices.

A.  

identify IT services that currently support the enterprise’s capability.

B.  

define policies for data, applications, and organization of infrastructure.

C.  

identify the role of IT in supporting the business.

D.  

prioritize how much and where to invest in IT.

A.  

IT service delivery roles and responsibilities

B.  

Compliance with applicable legislation

C.  

Likelihood of natural disasters

D.  

The cloud service provider's reputation

A.  

Require ERM orientation sessions

B.  

Request the development of an IT risk register template.

C.  

Request a complete skills reassessment for all IT staff.

D.  

Update the ERM framework.

A.  

Asset retention policies

B.  

Information retention policies

C.  

Data archival policies

D.  

Data backup and restoration policies

A.  

ascertain the IT function has sufficient skilled staff to maintain daily operations.

B.  

ensure the enterprise has sufficient resources to address changing business and IT needs.

C.  

verify that human resource recruitment and retention processes meet enterprise IT objectives.

D.  

confirm IT-related responsibilities are defined for the enterprise's business and IT staff.

A.  

Data encryption program

B.  

Data risk management program

C.  

Data retention policy

D.  

Data classification policy

A.  

Cost considerations

B.  

Regulatory compliance

C.  

Resource alignment

D.  

Security breaches

A.  

Defined service level agreements (SLAs)

B.  

Project portfolio dashboards

C.  

Key performance indicators (KPIs)

D.  

IT user survey results

A.  

Update the enterprise architecture (EA).

B.  

Perform a business impact analysis (BIA.

C.  

Conduct a gap analysis.

D.  

Develop a communication plan to support the merger.

A.  

Cloud implementation model

B.  

User experience

C.  

Information ownership

D.  

Third-party access rights

A.  

Risk policy

B.  

Risk framework

C.  

Risk heat map

D.  

Risk register

A.  

Engage human resources (HR) for recruitment of new staff.

B.  

Request the development of a succession plan.

C.  

Review motivation drivers for key IT staff.

D.  

Evaluate lower-level staff as succession candidates.

A.  

It uses resources more efficiently

B.  

It can be used to assess risks against non-tangible assets

C.  

It reduces subjectivity

D.  

It helps in prioritizing risk response action plans

A.  

IT resource strategy

B.  

IT risk and security framework

C.  

IT goals and objectives

D.  

IT key performance indicators (KPIs)

A.  

monitor whether the chosen strategy is successful

B.  

visualize how the strategy will be achieved.

C.  

demonstrate commitment to IT governance.

D.  

clarify the cause-and-effect relationship of the strategy.

A.  

Inadequate stage-gate reviews

B.  

Inadequate board oversight

C.  

Lack of accountability for policy adherence

D.  

Lack of a legal and regulatory review process

A.  

Review the enterprise data architecture.

B.  

Establish a data quality plan

C.  

Consult the quality assurance (QA) function.

D.  

Acquire data migration tools.

A.  

training needs.

B.  

one set of skills applicable to all IT staff.

C.  

a best practices framework.

D.  

each role within the IT department.

A.  

Practical and enforceable policies

B.  

Automated compliance tracking

C.  

Comprehensive and timely audit reviews

D.  

Periodic peer reviews

A.  

Consult with the enterprise privacy function

B.  

Define the critical success factors (CSFs)

C.  

Present the proposal to the IT strategy committee

D.  

Perform a business impact analysis (BIA)

A.  

Implement an IT risk management framework.

B.  

Install an IT continuous monitoring solution.

C.  

Define IT performance management measures.

D.  

Benchmark IT strategy against industry peers.

A.  

Return on investment (ROI)

B.  

Resource requirements.

C.  

Service level agreements (SLAs)

D.  

Economies of scale

A.  

Implement key performance indicators (KPIs).

B.  

Reflect the change in the enterprise architecture (EA).

C.  

Evaluate the sourcing options.

D.  

Engage an experienced IT consultant to perform the migration.

A.  

system implementation

B.  

project initiation

C.  

investment feasibility analysis

D.  

business case development.

A.  

The enterprise balanced scorecard is aligned with IT dashboards.

B.  

Business executives better understand IT's value contribution to the enterprise

C.  

IT key performance indicators (KPIs) are included in the enterprise-level KPI dashboard.

D.  

IT processes are improved in line with business requirements.

A.  

Legal and regulatory requirements

B.  

Approved IT investment opportunities

C.  

Objectives and responsibilities

D.  

Need for enterprise architecture (EA)

A.  

Include a complete IT risk register in the monthly letter given to each board member.

B.  

Include key IT risks in a dashboard submitted to the board quarterly.

C.  

Submit a register of all IT audit findings to board members monthly.

D.  

Schedule quarterly meetings to discuss all open IT risks.

A.  

Implement an early warning detection and notification system.

B.  

Assess the likelihood and impact on the data center.

C.  

Relocate the data center to minimize the threat.

D.  

Assess how the data center is protected against the threat.

A.  

Research the technology and identify potential security threats.

B.  

Include risk-related requirements in the SaaS contract.

C.  

Create key risk indicators (KRls) for the SaaS solution.

D.  

Redefine the risk appetite and risk tolerance.

A.  

Contract management

B.  

Continuity planning

C.  

Data management

D.  

Security architecture

A.  

performance.

B.  

value.

C.  

capabilities.

D.  

outcome.

A.  

information technology risk.

B.  

framework development cost.

C.  

information technology strategy.

D.  

stakeholders' support.