Ace Your CGEIT Isaca Certification Exam

 An IT investment portfolio is a collection of IT projects, programs, and services that are funded and implemented by an enterprise to achieve its strategic and operational objectives. An IT investment portfolio should be reviewed first to ensure IT congruence with the new business strategy, as it would help to align the IT investments with the business goals, priorities, and needs. A review of the IT investment portfolio would also help to identify and evaluate the current and planned IT initiatives, assess their costs, benefits, risks, and value, and optimize the allocation of IT resources and capabilities. The other options are not as relevant, as they are more related to the execution or delivery of IT activities, rather than the planning or direction of them. References: : CGEIT Review Manual (Digital Version), Chapter 3: Benefits Realization, Section 3.2: IT Investment Management, Subsection 3.2.1: IT Investment ManagementOverview, Page 97 : CGEIT Review Manual (Digital Version), Chapter 3: Benefits Realization, Section 3.2: IT Investment Management, Subsection 3.2.4: IT Investment Management Process, Page 104 : The Power of IT Investment Risk Quantification and Visualization: IT Portfolio Management

Applying behavioral change management is the greatest challenge to implementing IT governance, as it involves changing the culture, mindset, and behavior of the people who are affected by or involved in IT governance. IT governance is not just a technical or procedural issue, but also a human and organizational one. Therefore, it requires effective communication, education, motivation, and leadership to ensure that the stakeholders understand, accept, and support the IT governance objectives, principles, and practices. The other options are not as challenging, as they can be addressed by following established methods, frameworks, and standards for IT governance. References: : CGEIT Review Manual (Digital Version), Chapter 1: Governance of Enterprise IT, Section 1.2: IT Governance Frameworks and Standards, Subsection 1.2.1: IT Governance Frameworks and Standards Overview, Page 17 : CGEIT Review Manual (Digital Version), Chapter 1: Governance of Enterprise IT, Section 1.4: Implementing and Maintaining an IT Governance Framework, Subsection 1.4.2: Implementing an IT Governance Framework, Page 29 : CGEIT Preparation Tips and the Timelessness of Good Governance1

 Transparency is primarily achieved through performance measurement, as it involves providing clear, accurate, and timely information about the performance of IT processes, services, and projects to the relevant stakeholders. Performance measurement can help to increase the visibility, accountability, and trustworthiness of IT activities and outcomes, and to enable informed decision-making and feedback. The other options are not as primary, as they are more related to the results or consequences of performance measurement, rather than the purpose orintention of it. References: : CGEIT Review Manual (Digital Version), Chapter 3: Benefits Realization, Section 3.3: Performance Measurement and Reporting, Subsection 3.3.1: Performance Measurement and Reporting Overview, Page 112 : CGEIT Review Manual (Digital Version), Chapter 3: Benefits Realization, Section 3.3: Performance Measurement and Reporting, Subsection 3.3.2: Performance Measurement and Reporting Process, Page 113 : Performance Measurement Metrics for IT Governance1

 According to the CGEIT certification guide, the first governance step to address the email issue caused by the zero-tolerance policy regarding security is to obtain senior management inputbased on identified risk. This is because senior management is ultimately responsible for setting the risk appetite and tolerance of the enterprise, and for balancing the security and business needs. The zero-tolerance policy may be too restrictive and may not align with the enterprise’s risk profile and objectives. Therefore, senior management input is needed to review and adjust the policy according to the risk assessment and analysis1. The other options are less appropriate as the first governance step, as they do not involve senior management input or risk-based decision making. References := CGEIT certification guide, domain 3: Risk Optimization, section 3.1: Risk Governance, page 87.