IT Governance And Management - Level 1

20 Questions

Questions and Answers
  • 1. 
    Properly implemented, ___________ is a process whereby senior management exerts strategic control over business functions through policies, objectives, delegation of authority, and monitoring. 
  • 2. 
    Properly implemented, governance is a process whereby senior management exerts strategic control over business functions through _______, __________, delegation of ______________, and ___________. 
  • 3. 
    Governance begins with the establishment of top-level objectives and policies that are translated into ______ actions, ______, ________, ___________, and other activities downward through each level in the organization.  
  • 4. 
    Governance begins with the establishment of top-level objectives and policies that are translated into ______ actions, ______, ________, procedures, and other activities downward through each level in the organization.  
  • 5. 
    Governance begins with the establishment of top-level objectives and policies that are translated into ______ actions, ______, processes, ___________, and other activities downward through each level in the organization.  
  • 6. 
    Governance begins with the establishment of top-level objectives and policies that are translated into ______ actions, policies, ________, ___________, and other activities downward through each level in the organization.  
  • 7. 
    Governance begins with the establishment of top-level objectives and policies that are translated into more actions, ______, ________, ___________, and other activities downward through each level in the organization.  
  • 8. 
    Some IT personnel need to spend at least part of their time developing plans for what the __ ___________ will be doing two, three, or more years in the future.
  • 9. 
    _____________ state only what must be done (or not done) in an IT organization.
  • 10. 
    Risk management is a _________ ____________ activity that has no beginning and no end.
  • 11. 
    The primary services in the IT organization typically are _______, _________, and ________.
  • 12. 
    Organizations require ______________ to distribute responsibility to groups of people with specific skills and knowledge.
  • 13. 
    Because IT governance is more about business processes than technology, audits of IT governance rely more on ________ and ___________ reviews than on inspections of information systems.
  • 14. 
    This group will advise the board of directors on strategies to enable better IT support of the organization’s overall strategy and objectives.
  • 15. 
    In the BSC, management defines key performance indicators in each of four perspectives:
      • Financial: Key financial items measured include the cost of strategic initiatives, support costs of key applications, and capital investment.
      • Customer: Key measurements include the satisfaction rate with various customer-facing aspects of the organization.
      • Internal processes: Measurements of key activities include the number of projects and the effectiveness of key internal workings of the organization.
      • Innovation and learning: Human-oriented measurements include turnover, illness, internal promotions, and training.
    Gregory, Peter H. CISA Certified Information Systems Auditor All-in-One Exam Guide, Fourth Edition (p. 22). McGraw-Hill Education. Kindle Edition.
  • 16. 
    The standard IT-BSC has four perspectives:
      • Business contribution: Key indicators here are the perception of IT department effectiveness and value as seen from other (non-IT) corporate executives.
      • User: Key measurements include end-user satisfaction rate with IT systems and the IT support organization. Satisfaction rates of external users should be included if the IT department builds or supports externally facing applications or systems.
      • Operational excellence: Key measurements include the number of support cases, amount of unscheduled downtime, and defects reported.
      • Innovation: This includes the rate at which the IT organization utilizes newer technologies to increase IT value and the amount of training made available to IT staff.
    Gregory, Peter H. CISA Certified Information Systems Auditor All-in-One Exam Guide, Fourth Edition (p. 23). McGraw-Hill Education. Kindle Edition.
  • 17. 
    Level, IT strategic planning is about the ability to provide the capability and capacity for IT services that will match the levels of and the types of business activities that the organization expects to achieve at certain points in the future. Gregory, Peter H.. CISA Certified Information Systems Auditor All-in-One Exam Guide, Fourth Edition (pp. 26-27). McGraw-Hill Education. Kindle Edition. 
  • 18. 
    A steering committee is a body of senior managers or executives that meets from time to time to discuss high-level and long-term issues in the organization. Gregory, Peter H.. CISA Certified Information Systems Auditor All-in-One Exam Guide, Fourth Edition (p. 27). McGraw-Hill Education. Kindle Edition. 
  • 19. 
    Security governance is the collection of management activities that establishes key roles and responsibilities, identifies and treats risks to key assets, and measures key security processes. Gregory, Peter H.. CISA Certified Information Systems Auditor All-in-One Exam Guide, Fourth Edition (p. 23). McGraw-Hill Education. Kindle Edition. 
  • 20. 
    The main roles and responsibilities for security should be as follows:
      • Board of directors: The board is responsible for establishing the tone for risk appetite and risk management in the organization. To the extent that the board of directors establishes business and IT security, so, too, should the board consider risk and security in that strategy.
      • Steering committee: The security steering committee should establish the operational strategy for security and risk management in the organization. This includes setting strategic and tactical roles and responsibilities in more detail than was done by the board of directors. The security strategy should be in harmony with the strategy for IT and the business overall. The steering committee should also ratify security policy and other strategic policies and processes developed by the chief information security officer.
      • Chief information security officer (CISO): The CISO should be responsible for developing security policy; conducting risk assessments; developing processes for risk management, vulnerability management, incident management, identity and access management, security awareness and training, third-party risk management, and compliance management; and informing the steering committee and board of directors of incidents and new or changed risks. In some organizations, this is known as the chief information risk officer (CIRO).
    Gregory, Peter H. CISA Certified Information Systems Auditor All-in-One Exam Guide, Fourth Edition (pp. 23-24). McGraw-Hill Education. Kindle Edition.