Question 6 of 472

Which of the following should be the PRIMARY consideration when implementing IT governance in a small, newly established organization?

Answer

Suggested Answer

The suggested answer is D.

Reference:
https://www.isaca.org/resources/news-and-trends/newsletters/cobit-focus/2017/using-cobit-in-government-departments
Community Votes1 vote
DSuggested
100%
Question 7 of 472

Which of the following is the BEST method to monitor IT governance effectiveness?

Answer

Suggested Answer

The suggested answer is B.

Reference:
https://www.isaca.org/resources/isaca-journal/issues/2016/volume-6/performance-measurement-metrics-for-it-governance
Question 8 of 472

An internal auditor conducts an assessment of a two-year-old IT risk management program. Which of the following findings should be of MOST concern to the

CIO?

Answer

Suggested Answer

The suggested answer is A.

The most concerning finding for the CIO should be that organizational responsibility for IT risk management is not clearly defined. Without clear responsibility, accountability, and ownership of the IT risk management process, it is difficult to ensure that the program is effectively implemented and managed. This can lead to a lack of coordination, missed risks, and an overall ineffective risk management program. Addressing this issue is foundational to improving all other aspects and effectiveness of the IT risk management program.

Community Votes4 votes
ASuggested
100%
Question 9 of 472

An enterprise has discovered that there is significant duplication of IT investments. Which of the following would be MOST helpful in addressing this issue?

Answer

Suggested Answer

The suggested answer is C.

Maintaining an inventory of IT investments would be most helpful in addressing significant duplication of IT investments. With a comprehensive inventory, the enterprise can easily identify where duplications occur and take steps to consolidate or eliminate redundant investments. Without an accurate and up-to-date inventory, it would be difficult to track and manage IT resources effectively, leading to continued inefficiencies and wasted resources.

Community Votes1 vote
CSuggested
100%
Question 10 of 472

A regulatory audit assessed an enterprise's main transactional application as noncompliant. In addition to fines and required corrections, an agreement was reached to implement a set of governance controls over IT. Accountability for these controls is BEST assigned to which of the following?

Answer

Suggested Answer

The suggested answer is B.

The accountability for implementing a set of governance controls over IT is best assigned to the CIO (Chief Information Officer). The CIO is responsible for overseeing the IT infrastructure and ensuring compliance with regulations. The role of the CIO includes managing risks associated with IT systems and ensuring that the enterprise's IT environment meets regulatory requirements. While internal audit directors provide oversight and the board of directors offers governance oversight, the day-to-day operational responsibility and accountability for IT governance controls lie with the CIO. Application users are responsible for using the system correctly, but not for implementing governance controls.

Community Votes3 votes
BSuggested
100%