Section 2: Quiz 12 - Enterprise Governance of IT (EGIT)


Which of the following is the prime consideration in determining whether IT adds value to the business? A. The alignment of the IT strategy with the organizational strategy B. Defining organizational accountability C. Empowering IT with the latest technology D. Designing a risk management process for the IT department

A. Alignment of IT strategy with the organization's strategy Explanation: IT can add value to the business only if IT strategies are aligned with business strategies. The other options are not as important as option A.

For sound IT governance, the IT plan should be consistent with the following: A. The organization's business plan B. The organization's business continuity plan C. The organization's investment plan D. The organization's information security plan

A. An organization's business plan Explanation: For effective and sound IT governance, IT and business plans should be aligned and should be moving in the same direction. IT should add value to the business.

Who among the following is responsible for IT governance? A. Directors B. Steering committee C. CEO D. CIO

A. Directors Explanation: IT governance is primarily the obligation of the Board of Directors. The Board of Directors is required to ensure that IT activities are moving in the desired direction and that IT is adding value to the business.

An IS auditor evaluating an IT governance framework will be more concerned about: A. The limited involvement of senior management B. The ROI not being monitored C. The IT Balanced Scorecard not being implemented D. The IT risk management process not being documented

A. Limited involvement on the part of senior management Explanation: For an effective IT governance framework, the involvement of senior management is a must. It is essential to ensure that senior management is involved in the implementation of an IT governance framework. The other options are not as critical as option A.

The greatest concern with respect to an organization's governance model is the following: A. Senior management does not review information security policy B. The patch management policy is not documented C. An IS audit is only conducted once every 2 years D. The IT risk management program only covers critical functions

A. Senior management does not review information security policy Explanation: Participation by top management is critical in ensuring that information security policy complies with business requirements. The information security policy should be reviewed at least once a year to address new and emerging risks. An IT risk management program need not necessarily cover all the functions of the organization. Options B and C are not as critical as option A.

While reviewing IT structures, a major concern revolves around which of the following: A. The alignment of IT and business requirements B. A clear definition of the mission and vision C. The fact that an IT Balanced Scorecard is in place D. The availability of IT resources

A. The alignment of IT and business requirements Explanation: The most important consideration is determining whether IT and business requirements are integrated and heading in the same direction. The other options are important, but determining option A is more critical while reviewing the IT plan.

Which of the following is the main objective of IT governance? A. The optimal use of technology resources B. A reduction in technology costs C. A review of technology processes and guidelines D. Centralized control of IT resources

A. The optimal use of IT resources Explanation: IT governance is intended to ensure the optimal use of IT resources and thereby support the business strategy. The other options are not the ultimate purpose of IT governance.

Which of the following is the primary purpose of corporate governance? A. To provide strategic direction B. To control business functions C. To align IT and business needs D. To implement a reporting hierarchy

A. To provide a strategic direction Explanation: Corporate governance provides strategic direction to the organization as a whole and thereby aligns the efforts of all the functions in the same direction with a view to achieving a common business goal. Corporate governance is applicable to all functions, not just the IT function, and so option C is incorrect. Options B and D are not the main objectives of corporate governance.

The effectiveness of an IT governance implementation can be most effectively determined by: A. Ensuring that the objectives are defined B. Ensuring the involvement of stakeholders C. The identification of emerging risks D. Ensuring that relevant enablers are determined

B. Ensuring the involvement of stakeholders Explanation: The effectiveness of IT governance implementation can be determined most effectively by involving stakeholders and addressing their requirements. Considering the stakeholders' needs and involving them in the project drives its success.

The most important factor regarding the effective implementation of IT governance is: A. A documented IT Balanced Scorecard B. Identified organizational strategies C. Conducting risk assessments D. Documenting an IT policy

B. Identified organizational strategies Explanation: The primary function of IT is to support the business functions. Therefore, identification of the business strategy is the most important factor as regards the effective implementation of IT governance.

To achieve the organization's objective, the most important consideration for an IT department is to have which of the following: A. A budget-oriented philosophy B. Long- and short-term strategies C. The latest technology D. Documented IT processes and guidelines

B. Long- and short-term strategies Explanation: To achieve an organization's objectives, the most important consideration for an IT department is to have long- and short-term plans. An organization's business objective and IT plan should correspond. This is the most important consideration of all of the options.

The IS auditor noted that roles and responsibilities in terms of IT governance and management are not properly documented and defined. What is the most appropriate recommendation? A. To review the alignment of IT with business objectives B. To define the accountability for each critical function C. To conduct an IS audit on an ongoing basis D. To create the role of CRO in the organization

B. To define accountability for each critical function. Explanation: The IS auditor should recommend defining accountability for each critical function of the organization. Undefined responsibilities constitute a major risk in attaining business objectives. Other options will not add value if accountability and responsibility are not defined.

The most important method for ensuring alignment of the IT strategy with the organization's business objectives is: A. To review the availability of all resources B. To review the compatibility of the IT plan and the business plan C. To review the effectiveness and efficiency of all resources D. To review the organization's capacity management

B. To review the compatibility of the IT plan and the business plan Explanation: The best way to determine whether the IT strategy supports the business objective is to review and ensure that the IT plan is consistent with the business strategy. The other options are important, but option B is the best approach.

A major risk associated with a lack of top management support in terms of IT strategic planning is the following: A. The absence of technical advancement B. The absence of IT processes, policies, and guidelines C. A lack of alignment between the technology and business objectives D. A lack of qualified IT staff

C. A lack of alignment between technology and business objectives Explanation: A major risk arising from the lack of involvement of senior management in supporting IT-related strategic planning is that IT activities are not aligned with business objectives. Investment in IT will be of no value if IT does not support the business objectives.

An IT strategic plan should contain: A. Technology requirements B. Control requirements C. A mission and vision D. Project management practices

C. A mission and vision Explanation: The IT strategic plan must contain a clear statement regarding the mission and vision of IT. The other options may not need to be included in an IT strategic plan.

Which of the following is related to strategic planning? A. Software testing methodology and results B. A short-term plan for a new system C. An approved supplier for the company's products D. Evaluation of project requirements

C. An approved supplier for the company's products Explanation: Selecting suppliers for the company's products constitutes strategic level planning. It aims to provide direction to the business function. The other options relate to short-term or tactical plans.

Which of the following is a prime indicator in deciding the area of priority for IT governance? A. Organization culture B. Process maturity C. Business risks D. Audit reports

C. Business risks Explanation: IT governance should concentrate on those areas with a high business risk. Other options may not provide an indication of a genuine risk to the business.

The primary reason for reviewing the organizational chart is as follows: A. To understand the structure of the organization B. To understand various communication channels C. To understand the roles and responsibilities of individuals D. To understand the network and system architecture

C. To understand the roles and responsibilities of individuals. Explanation: The primary reason for reviewing the organizational chart is to understand the roles, responsibilities, and authority of the individual. This helps in determining whether there is proper segregation of functions. Options B and D can be determined with the use of a network diagram.

Which of the following best ensures effective IT governance? A. The management of risk to an acceptable level B. Deriving the business objective from the IT strategy C. The availability of effective IT resources D. Alignment of the IT strategy with the organization's strategies and objectives

D. Alignment of the IT strategy with the organization's strategies and objectives Explanation: Effective IT governance can be best ensured by aligning the IT strategy with the organization's strategies and objectives. The Board of Directors is required to ensure that the IT strategy complies with the business strategy.

The most important consideration when evaluating the IT strategy of an organization is: A. The involvement of line management B. Adherence to budget C. The inclusion of a procurement process D. Support for the objectives of the business

D. Support the objectives of the business Explanation: The strategic plan of the IT department should be consistent with the organization's business objective. IT should add value to the business. The other options are not as important as option D.

Strategic alignment can best be improved by: A. Managing third-party service provider risk B. Updating the knowledge base on clients, the industry, and products C. Providing a platform to facilitate the sharing of business information D. Involvement of top management in aligning business and technology requirements

D. The involvement of top management in aligning business and technology Explanation: The involvement of top management in mediating between the imperatives of business and technology is the best option when it comes to improving strategic alignment.

