Isaca CGEIT Online Access

 Management transparency is the most important driver of IT governance, because it enables the alignment of IT and business goals, the accountability of IT performance and value, the communication and collaboration among stakeholders, and the compliance with laws and regulations. Management transparency refers to the degree to which information about IT decisions, processes, outcomes, and risks is shared openly and honestly with relevant parties, such as the board of directors, senior management, business units, IT staff, customers, and regulators. Management transparency can help to build trust, confidence, and support for IT initiatives, as well as to identify and address any issues or gaps in IT governance12. References: What is IT governance? A formal way to align IT & business strategy. Definition of IT Governance (ITG) - IT Glossary | Gartner.

Establishing a uniform definition for likelihood and impact through risk management standards primarily addresses the concern of conflicting interpretations of risk levels. This is because likelihood and impact are two key factors that determine the level of risk associated with a threat or event. Different stakeholders may have different perceptions and expectations of what constitutes a high, medium, or low likelihood or impact, which can lead to inconsistent or inaccurate risk assessment and management. By defining and applying a common set of criteria and scales for likelihood and impact, risk management standards can help to ensure a consistent and objective evaluation and communication of risk levels across the organization

 An assessment to determine if data privacy protection is addressed is the first request that the IT steering committee should make to comply with the board’s mandate, as it helps to ensure that the use of geolocation software does not violate any applicable laws, regulations, or ethical standards regarding the collection, processing, and sharing of personal or sensitive data. Data privacy protection is an important aspect of information governance, which is part of the CGEIT Domain 1: Governance of Enterprise IT1. An assessment can also identify the risks and controls associated with the geolocation software, and provide recommendations and best practices for its implementation and management2. References := CGEIT Exam Content Outline, Domain 1, Subtopic C: Information Governance, Task 1: Define and implement information governance processes to ensure alignment with enterprise goals and objectives.

The key risk indicator (KRI) that would be of most interest to the CIO of a financial institution with a highly regarded reputation for protecting customer interests that has recently deployed a mobile payments program is the total volume of suspicious transactions. This KRI measures the number and value of transactions that are flagged as potentially fraudulent, malicious, or erroneous by the mobile payments system or by the customers. This KRI reflects the level of security and reliability of the mobile payments program, as well as the customer trust and satisfaction. A high volume of suspicious transactions indicates a high risk of financial losses, reputational damage, regulatory penalties, and customer attrition for the financial institution. Therefore, the CIO should monitor this KRI closely and take appropriate actions to prevent or mitigate any incidents that may compromise the mobile payments program