Isaca CGEIT Exam Questions

Question 6 of 472

Which of the following should be the PRIMARY consideration when implementing IT governance in a small, newly established organization?

Approving enterprise architecture and standards

Defining IT project management methodology

Assigning a budget for IT governance applications

Assigning IT roles and responsibilities

Correct Answer: D

Question 7 of 472

Which of the following is the BEST method to monitor IT governance effectiveness?

Service level management

Balanced scorecard

Risk control self-assessment

Strengths, weaknesses, opportunities, and threats (SWOT) analysis

Correct Answer: B

Question 8 of 472

An internal auditor conducts an assessment of a two-year-old IT risk management program. Which of the following findings should be of MOST concern to the
CIO?

Organizational responsibility for IT risk management is not clearly defined.

IT risk training records are not properly retained in accordance with established schedules.

None of the members of the IT risk management team have risk management-related certifications.

Only a few key risk indicators identified by the IT risk management team are being monitored and the rest will be on a phased schedule.

Correct Answer: A

The most concerning finding for the CIO should be that organizational responsibility for IT risk management is not clearly defined. Without clear responsibility, accountability, and ownership of the IT risk management process, it is difficult to ensure that the program is effectively implemented and managed. This can lead to a lack of coordination, missed risks, and an overall ineffective risk management program. Addressing this issue is foundational to improving all other aspects and effectiveness of the IT risk management program.

Question 9 of 472

An enterprise has discovered that there is significant duplication of IT investments. Which of the following would be MOST helpful in addressing this issue?

Establishing an IT steering committee

Delegating IT investment decisions to centralized IT

Maintaining an inventory of IT investments

Increasing the frequency of IT investment audits

Correct Answer: C

Maintaining an inventory of IT investments would be most helpful in addressing significant duplication of IT investments. With a comprehensive inventory, the enterprise can easily identify where duplications occur and take steps to consolidate or eliminate redundant investments. Without an accurate and up-to-date inventory, it would be difficult to track and manage IT resources effectively, leading to continued inefficiencies and wasted resources.

Question 10 of 472

A regulatory audit assessed an enterprise's main transactional application as noncompliant. In addition to fines and required corrections, an agreement was reached to implement a set of governance controls over IT. Accountability for these controls is BEST assigned to which of the following?

Internal audit director

CIO

The board of directors

Application users

Correct Answer: B

The accountability for implementing a set of governance controls over IT is best assigned to the CIO (Chief Information Officer). The CIO is responsible for overseeing the IT infrastructure and ensuring compliance with regulations. The role of the CIO includes managing risks associated with IT systems and ensuring that the enterprise's IT environment meets regulatory requirements. While internal audit directors provide oversight and the board of directors offers governance oversight, the day-to-day operational responsibility and accountability for IT governance controls lie with the CIO. Application users are responsible for using the system correctly, but not for implementing governance controls.