Isaca Certification Changed CGEIT Questions

Discretionary investments are those that are not mandatory or essential for the business, but may provide some benefits or opportunities. The IT strategy committee should evaluate whether the discretionary investment supports the corporate goals and aligns with the business strategy, as this is the most important criterion for IT governance and value creation. The technical feasibility, the business and technical scope, and the alignment with the EA are also important factors, but they are secondary to the strategic alignment and value proposition of the investment. References := ISACA, CGEIT Review Manual, 7th Edition, 2019, p. 92-93; Rethinking traditional technology budgeting processes; Discretionary Investment Management Definition, Benefits & Risks.

The first consideration for an enterprise faced with a pandemic situation resulting in a mandatory remote work environment should be ensuring staff has the necessary technology to be productive, because this would enable the enterprise to maintain its business continuity and resilience, and to minimize the disruption and loss of the IT services and capabilities. The necessary technology may include hardware, software, network, security, and communication tools that support the remote work activities and requirements of the staff12. The enterprise should also provide guidance and training to the staff on how to use the technology effectively and securely12. The other options are not the first consideration, because they are either dependent on or secondary to the availability and functionality of the technology.

 The best way to prevent adverse effects to the enterprise resulting from the new technology is to develop key risk indicators (KRIs), because they are metrics that measure the potential impact and likelihood of the risks associated with the new technology, and provide early warning signals for taking corrective actions. KRIs can help the enterprise to monitor and manage the risks of integrating the new technology with the current IT infrastructure, and to ensure that the expected benefits and value are realized12. References := ISACA, CGEIT Review Manual, 7th Edition, 2019, page 75-76.

Communicating the objectives and responsibilities to staff is the BEST way to demonstrate senior management’s commitment to IT governance. IT governance is the process of ensuring that IT supports the achievement of the organization’s goals and objectives, and delivers value to its stakeholders1. IT governance involves aligning the IT strategy, policies, processes, and resources with the business strategy, needs, and expectations2. However, implementing and sustaining IT governance requires a significant amount of change in the organization, such as introducing new technologies, standards, roles, and responsibilities3. Therefore, communicating the objectives and responsibilities to staff is essential for demonstrating senior management’s commitment to IT governance, as it can:

Provide the direction and mandate for the IT governance initiative on an ongoing basis

Communicate the vision, mission, goals, and objectives of the IT function to all stakeholders

Allocate the necessary resources and capabilities to enable the IT governance processes and activities

Monitor and evaluate the performance and outcomes of the IT function and provide feedback and recognition

Foster a positive and collaborative culture that values IT as a strategic partner and enabler of the business

The other options are not as good as option C. While it is important to communicate the legal and regulatory requirements, the approved IT investment opportunities, and the need for enterprise architecture (EA), these are not sufficient to demonstrate senior management’s commitment to IT governance. They are rather means to achieve the end goal of implementing and sustaining IT governance. They do not necessarily reflect the level of commitment, involvement, and support from the management toward IT governance. References :=

What is IT Governance? Definition & Examples | ASQ2

What is IT governance? A formal way to align IT & business strategy1

How to Involve Senior Management in the Information Security Governance …3