Isaca CGEIT Exam With Confidence Using Practice Dumps

 According to the CGEIT certification guide, key risk indicators (KRIs) are the best way to provide ongoing assurance that significant IT risk is being proactively monitored and does not exceed agreed risk tolerance levels. KRIs are metrics that measure the likelihood or impact of potential or actual risks, and provide early warning signals of increasing risk exposures1. KRIs can help IT management to track and report the status and trends of IT risks, and to trigger timely responses and actions when the risk levels approach or exceed the predefined thresholds2. The other options are less suitable than option C, as they do not provide ongoing assurance or proactive monitoring of IT risk. An IT risk appetite statement is a document that expresses the amount and type of risk that an organization is willing to take in order to meet their strategic objectives3. A risk management policy is a document that defines the principles, framework, and processes for managing risks in an organization. A risk register is a tool that records and tracks the identified risks, their causes, impacts, likelihood, responses, and owners.

References :=

CGEIT certification guide, domain 3: Risk Optimization, section 3.4: Risk Monitoring and Assurance, page 98.

Key Risk Indicators (KRIs) - Definition from KWHS

Risk Appetite - an overview | ScienceDirect Topics

Risk Management Policy - an overview | ScienceDirect Topics

Risk Register - an overview | ScienceDirect Topics

A maturity assessment evaluates the current state of IT governance processes to identify gaps in capability that need improvement. The CGEIT Review Manual 8th Edition states that the primary purpose of a maturity assessment is to identify capability gaps to guide governance framework enhancements.

Extract from CGEIT Review Manual 8th Edition (Domain 1: Governance of Enterprise IT):"The primary purpose of a maturity assessment is to identify gaps in IT governance capabilities, such as processes, skills, or controls, relative to desired maturity levels. This enables the enterprise to prioritize improvements and enhance governance effectiveness." (Approximate reference: Domain 1, Section on Maturity Assessment)

Identifying gaps in capability (option D) focuses on assessing the maturity of governance processes and determining where enhancements are needed to achieve desired outcomes.

Why not the other options?

A. Benchmark IT performance: Benchmarking compares performance, not capability maturity.

B. Identify gaps in performance: Performance gaps are a secondary outcome, while capability gaps are the primary focus.

C. Support impact analysis: Impact analysis is not the primary purpose of maturity assessments.

 An IT investment portfolio is a collection of IT projects, programs, and services that are funded and implemented by an enterprise to achieve its strategic and operational objectives. An IT investment portfolio should be reviewed first to ensure IT congruence with the new business strategy, as it would help to align the IT investments with the business goals, priorities, and needs. A review of the IT investment portfolio would also help to identify and evaluate the current and planned IT initiatives, assess their costs, benefits, risks, and value, and optimize the allocation of IT resources and capabilities. The other options are not as relevant, as they are more related to the execution or delivery of IT activities, rather than the planning or direction of them. References: : CGEIT Review Manual (Digital Version), Chapter 3: Benefits Realization, Section 3.2: IT Investment Management, Subsection 3.2.1: IT Investment ManagementOverview, Page 97 : CGEIT Review Manual (Digital Version), Chapter 3: Benefits Realization, Section 3.2: IT Investment Management, Subsection 3.2.4: IT Investment Management Process, Page 104 : The Power of IT Investment Risk Quantification and Visualization: IT Portfolio Management