CGEIT Leak Questions

 According to the CGEIT certification guide, key risk indicators (KRIs) are the best way to provide ongoing assurance that significant IT risk is being proactively monitored and does not exceed agreed risk tolerance levels. KRIs are metrics that measure the likelihood or impact of potential or actual risks, and provide early warning signals of increasing risk exposures1. KRIs can help IT management to track and report the status and trends of IT risks, and to trigger timely responses and actions when the risk levels approach or exceed the predefined thresholds2. The other options are less suitable than option C, as they do not provide ongoing assurance or proactive monitoring of IT risk. An IT risk appetite statement is a document that expresses the amount and type of risk that an organization is willing to take in order to meet their strategic objectives3. A risk management policy is a document that defines the principles, framework, and processes for managing risks in an organization. A risk register is a tool that records and tracks the identified risks, their causes, impacts, likelihood, responses, and owners.

References :=

CGEIT certification guide, domain 3: Risk Optimization, section 3.4: Risk Monitoring and Assurance, page 98.

Key Risk Indicators (KRIs) - Definition from KWHS

Risk Appetite - an overview | ScienceDirect Topics

Risk Management Policy - an overview | ScienceDirect Topics

Risk Register - an overview | ScienceDirect Topics

The most important consideration during the decision-making process of outsourcing some IT services is to identify the core IT processes that are critical for the organization’s strategic objectives and competitive advantage. Core IT processes are those that provide unique value to the organization and differentiate it from its competitors. Outsourcing core IT processes may result in loss of control, innovation, and differentiation, as well as increased dependency and risk. Therefore, core IT processes should be retained in-house, while non-core IT processes can be outsourced to benefit from economies of scale, cost reduction, and access to specialized skills and technologies. References := CGEIT Exam Content Outline, Domain 3: Benefits Realization1; COBIT 5: Enabling Processes, chapter 4, section 4.2.32; IT governance -managing the outsourcing relationship

The first step in creating an effective long-term mobile application strategy is to identify the business requirements concerning mobile applications. Business requirements are the needs, expectations, and objectives of the business stakeholders and customers for a product or service. Business requirements can help to define the scope, purpose, value, and quality of the mobile applications, as well as to align them with the business strategy and goals12.

By identifying the business requirements concerning mobile applications, the enterprise can understand what the customers want and need from the mobile applications, what problems or pain points they are facing with the current applications, what features or functions they are looking for or missing, what benefits or outcomes they are expecting or measuring, and what preferences or feedback they have for improving the mobile applications12.

Identifying the business requirements concerning mobile applications can also help the enterprise to prioritize and plan the development, testing, and deployment of the mobile applications, by using criteria such as feasibility, suitability, scalability, security, compliance, etc. Identifying the business requirements concerning mobile applications can also help the enterprise to monitor and evaluate the performance and satisfaction of the mobile applications, by using metrics, indicators, and reports12.

Therefore, identifying the business requirements concerning mobile applications is the first step in creating an effective long-term mobile application strategy. This can help the enterprise to deliver mobile applications that meet or exceed the customer expectations and requirements, and that are superior to the legacy browser-based applications. References: Business Requirements: Definition & Best Practices. How to Write a Business Requirements Document: A Comprehensive Guide.

Information owners are responsible for defining the quality criteria for information within their domain, based on business requirements and stakeholder expectations. Information owners are also accountable for ensuring that information quality is maintained and improved. References := COBIT 5: Enabling Information, chapter 4, section 4.2.1