A new and expanding enterprise has recently received a report indicating 90% of its data has been collected in just the last six months, triggering data breach and privacy concerns. What should be the IT steering committee's FIRST course of action to ensure new data is managed effectively?
Correct Answer: D
An information governance framework is the structure that provides a holistic overview of the influences that inform how an organisation creates and manages its enterprise-wide information assets (records, information and data) [1]. It defines the roles, responsibilities, policies, standards, and processes for ensuring effective and secure information management. If a new and expanding enterprise has collected a large amount of data in a short period of time, it may face data breach and privacy risks if it does not have a robust and comprehensive information governance framework in place. Therefore, the IT steering committee's first course of action should be to assess the current state of the information governance framework, identify any gaps or weaknesses, and implement improvements or changes as needed. This will help the enterprise to protect and preserve its information assets, comply with legal and regulatory requirements, and enable ethical and efficient use of information. Mitigating and tracking data-related issues and risks, modifying legal and regulatory data requirements, and defining data protection and privacy practices are important actions, but they are not the first course of action. They are more likely to be part of the implementation or improvement of the information governance framework after it has been assessed. References: [1] Establishing an information governance framework
CGEIT Exam Question 187
Which of the following presents the GREATEST challenge for a large-scale enterprise when procuring Infrastructure as a Service (IaaS)?
Correct Answer: C
For large enterprises, the greatest challenge when procuring IaaS is ensuring the vendor meets corporate requirements, including compliance, integration standards, security, scalability, and service levels. The complexity of aligning cloud capabilities with internal policies and operational needs can create governance gaps. Other options represent necessary practices, but the alignment of vendor capabilities with enterprise standards is foundational to long-term success and risk mitigation. References: CGEIT Review Manual: Domain 2 - IT Resources and Third-Party Risk; COBIT 2019: APO03 (Manage Enterprise Architecture), APO10 (Manage Suppliers).
CGEIT Exam Question 188
Which of the following should senior management do FIRST when developing and managing digital applications for a new enterprise?
Correct Answer: B
According to the CGEIT exam guide, the risk appetite is the amount and type of risk that an enterprise is willing to accept in pursuit of its objectives. It is a key element of the IT governance framework and should be defined by senior management before developing and managing digital applications for a new enterprise. The risk appetite provides the basis for establishing the risk management strategy, policies and processes, as well as the risk culture and awareness of the enterprise. References: CGEIT Exam Candidate Guide, page 15. CGEIT Certification
CGEIT Exam Question 189
While monitoring an enterprise's IT projects portfolio, it is discovered that a project is 75% complete, but all budgeted resources have been expended. Which of the following is the MOST important task to perform?
Correct Answer: C
A business case is a document that justifies the initiation and continuation of a project based on its expected benefits, costs, risks, and alignment with the strategic objectives of the organization. If a project is experiencing a cost overrun, meaning that it has exceeded its initial budget, it is important to re-evaluate the business case to determine whether the project is still viable and worth pursuing. Re-evaluating the business case can help to identify the root causes of the cost overrun, assess the impact of the overrun on the project's value proposition, and decide whether to continue, modify, or terminate the project. Reviewing the IT investments, reorganizing the IT projects portfolio, and reviewing the IT governance structure are not the most important tasks to perform in this situation. They are more likely to be part of the portfolio management or governance processes that should be done regularly or periodically, not in response to a specific project issue. Moreover, they do not directly address the problem of the cost overrun or its implications for the project's feasibility and desirability. References: What is a Business Case?; How to Write a Business Case; Project Cost Overruns - Reasons, How to Prevent and Manage
CGEIT Exam Question 190
An enterprise is evaluating a Software as a Service (SaaS) solution to support a core business process. There is no outsourcing governance or vendor management in place. What should be the CEO's FIRST course of action?
Correct Answer: A
According to the CGEIT certification guide, the CEO's first course of action should be to ensure that there is a clear governance framework for outsourcing and that the roles and responsibilities for managing service providers are defined and assigned. This will help to establish accountability, oversight and control over the SaaS solution and its provider. References: CGEIT certification guide, domain 1: Governance of Enterprise IT, section 1.3: Governance Frameworks, page 17.