Pass4Future also provides interactive practice exam software for preparing effectively for the ISACA Certified in the Governance of Enterprise IT (CGEIT) exam. You are welcome to explore the free sample ISACA CGEIT exam questions below and to try the ISACA CGEIT practice test software.
Which of the following BEST helps to ensure that IT policies are aligned with organizational strategies?
Answer : B
Ensuring that IT policies are aligned with organizational strategies is best achieved when the policies are developed using a top-down approach. This approach starts with strategic objectives and cascades down to operational policies, ensuring coherence and alignment with the overall direction and goals of the organization. While board approval, annual updates, and periodic audits are important for policy governance, the top-down development approach ensures that policies are inherently designed to support organizational strategies from the outset.
What should be an IT steering committee's FIRST course of action when an enterprise is considering establishing a virtual reality store to sell its products?
Answer : B
When an enterprise is considering establishing a virtual reality store to sell its products, the IT steering committee's first course of action should be to request a cost-benefit analysis. This analysis will evaluate the financial implications, potential returns, and strategic value of the investment, providing a basis for informed decision-making. While resource gap analysis, development of key risk indicators (KRIs), and threat assessment are important considerations, understanding the economic viability through a cost-benefit analysis is fundamental before proceeding with such strategic initiatives.
Within a governance structure for risk management, which of the following activities should be performed by the second line of defense?
Answer : C
Within a governance structure for risk management, the second line of defense is primarily responsible for monitoring risk and controls. This function involves overseeing the effectiveness of the first line of defense (operational management and control implementation) and ensuring that risk management practices are properly integrated into business processes. It serves as a check on the adequacy and effectiveness of risk management across the organization. While conducting audits is a function of the third line of defense (internal audit), and identifying and assessing risk is often a shared responsibility, the distinct role of the second line is to provide ongoing monitoring and oversight of risk management and control processes.
Following a re-prioritization of business objectives by management, which of the following should be performed FIRST to allocate resources to IT processes?
Answer : B
Following a re-prioritization of business objectives by management, the first step to allocate resources to IT processes should be to update the IT strategy. This ensures that the IT strategic plan remains aligned with the overall business direction and objectives. An updated IT strategy will reflect the new priorities and guide the allocation of resources to support the revised business goals effectively. Refining the human resource management plan, implementing a RACI model, and performing a maturity assessment are important actions but should follow the strategic alignment to ensure that all IT efforts and resources are directed towards achieving the updated business objectives.
An IT governance committee is reviewing its current risk management policy in light of increased usage of social media within an enterprise. The FIRST task for the governance committee is to:
Answer : C
When an IT governance committee is reviewing its current risk management policy due to increased usage of social media within an enterprise, the first task should be to initiate an assessment of the impact on the business. This assessment will provide a comprehensive understanding of how social media usage affects various aspects of the business, including productivity, security, data privacy, and compliance with existing policies and regulations. Understanding the business impact will inform the committee's decisions on any necessary policy adjustments or controls to mitigate potential risks associated with social media usage. While reviewing current usage levels, blocking access, and reassessing BYOD policies are relevant considerations, they should be informed by an initial assessment of the business impact to ensure that any actions taken are aligned with the enterprise's strategic objectives and risk tolerance.