Pearson CGEIT New Attempt

Developing an IT strategy to leverage AI requires a clear understanding of business needs and objectives to ensure alignment. The CGEIT Review Manual 8th Edition emphasizes that the first step in strategic IT planning is to identify and document business requirements, as these drive the development of an IT strategy that supports enterprise goals.

Extract from CGEIT Review Manual 8th Edition (Domain 4: Strategic Management):"The development of an IT strategy begins with a thorough understanding of business requirements and objectives. Documenting requirements mapped to business functions ensures that the IT strategy is aligned with enterprise goals and delivers value." (Approximate reference: Domain 4, Section on Strategic Alignment)

Documenting requirements mapped to each business function (option A) ensures that the AI strategy is tailored to specific business needs, such as improving customer experience, optimizing operations, or enhancing decision-making. This step precedes technical or operational considerations, as it establishes the foundation for the strategy.

Why not the other options?

B. Benchmark how other IT organizations are leveraging AI: Benchmarking is useful for gaining insights but is a secondary step that should follow the identification of business requirements. Without clear requirements, benchmarking may lead to irrelevant comparisons.

C. Define the IT infrastructure requirements for AI implementation: Infrastructure requirements are technical details that come after understanding business needs and defining the scope of AI use cases.

D. Define an operational level agreement (OLA) between IT and business functions: OLAs are operational agreements that support implementation, not strategy development. They are premature at this stage.

Final approval for accepting the associated IT risk should be obtained from the business sponsor. This is because the business sponsor is the person or group who initiates, funds, and owns the business case for the mobile sales channel project1. The business sponsor is responsible for defining the business objectives, benefits, and requirements of the project, and for ensuring its alignment with the enterprise strategy1. The business sponsor is also accountable for the outcomes and value of the project, and for managing the risks and issues that may affect its success1. Therefore, the business sponsor should have the authority and responsibility to approve the IT risk associated with the mobile sales channel project, as it may impact the business performance and value.

The other options, risk manager, chief information officer (CIO), and IT steering committee are not the best choices for obtaining final approval for accepting the associated IT risk. They are more involved in the identification, assessment, mitigation, and monitoring of IT risks, rather than their acceptance2. They may also have different perspectives and interests than the business sponsor regarding the IT risk associated with the mobile sales channel project. For example, the risk manager may focus on minimizing or avoiding IT risks, while the CIO may focus on maximizing or exploiting IT opportunities. The IT steering committee may have a broader view of IT risks across multiple projects and programs, rather than a specific one. Therefore, they may not have the final say or decision on accepting the IT risk associated with the mobile sales channel project.

Comprehensive and Detailed Explanation:

The CGEIT Review Manual 8th Edition, in its Governance of Enterprise IT domain, emphasizes that an ethics program requires a culture of accountability and responsibility to succeed. This culture ensures that ethical behavior is embedded in organizational values, encouraging employees to act with integrity. For example, leadership modeling ethical behavior fosters trust and compliance. The manual likely references COBIT 2019’s EDM01-Ensured Governance Framework Setting and Maintenance, which highlights cultural factors in governance.

Option A: Whistleblower processes are important but secondary to culture.

Option C: Roles and responsibilities support the program but are not the most critical.

Option D: Mission and vision statements are foundational but less directly tied to ethics.

Double Verification: The answer aligns with COBIT’s EDM01 and the CGEIT domain’s focus on ethical governance. Culture is a key ISACA factor for ethics programs.

ISACA CGEIT Review Manual 8th Edition, Domain 1: Governance of Enterprise IT (focus on ethics programs).

COBIT 2019, EDM01-Ensured Governance Framework Setting and Maintenance.

ISACA Glossary (for definitions of ethics program), available at

Comprehensive and Detailed Explanation:

The CGEIT Review Manual 8th Edition, in its Risk Optimization domain, emphasizes that IT risk management policies and standards must support the enterprise’s strategic objectives to ensure alignment with business priorities. Enterprise goals and objectives provide the foundation for IT risk management, ensuring that policies address risks that could hinder strategic outcomes (e.g., market expansion, regulatory compliance). For example, if an enterprise goal is to enhance customer trust, risk policies might prioritize cybersecurity. The manual likely references COBIT 2019’s APO12-Managed Risk, which stresses aligning risk management with business objectives.

Option A: Best practices are important but generic and may not reflect specific enterprise needs.

Option B: Corporate risk culture influences risk management but is secondary to strategic goals.

Option D: ERM framework is a broader structure that IT risk management should integrate with, but enterprise goals are the primary driver.

Double Verification: The answer aligns with COBIT’s APO12 and the CGEIT domain’s focus on business alignment. Enterprise goals are the primary focus for risk policy alignment in ISACA’s frameworks.

ISACA CGEIT Review Manual 8th Edition, Domain 4: Risk Optimization (focus on risk policy alignment).

COBIT 2019, APO12-Managed Risk.

ISACA Glossary (for definitions of risk management), available at