ISACA Certification

CGEIT — Governance of Enterprise IT Study Guide

59 practice questions with correct answers and detailed explanations. Use this guide to review concepts before taking the practice exam.

About the CGEIT Exam

The ISACA Governance of Enterprise IT (CGEIT) certification validates professional expertise in ISACA technologies. This study guide covers all 59 practice questions from our CGEIT practice test, complete with correct answers and explanations to help you understand each concept thoroughly.

Review each question and explanation below, then test yourself with the full interactive practice exam to measure your readiness.

59 Practice Questions & Answers

Q1 Easy

Which of the following best describes the primary purpose of enterprise IT governance?

  • A To minimize IT spending across all departments
  • B To ensure IT investments deliver value aligned with business strategy and objectives ✓ Correct
  • C To replace business management with IT management
  • D To establish IT policies that restrict user access
Explanation

Enterprise IT governance ensures that IT strategies, decisions, and operations are aligned with business goals and deliver measurable value. It goes beyond cost reduction to include strategic alignment and risk management.

Q2 Medium

In the COBIT framework, which process domain focuses on establishing IT governance structures and decision rights?

  • A Evaluate, Direct, and Monitor (EDM) ✓ Correct
  • B Manage Operations
  • C Align, Plan, and Organize (APO)
  • D Build, Acquire, and Implement (BAI)
Explanation

The Evaluate, Direct, and Monitor domain in COBIT specifically addresses governance activities including setting direction, monitoring compliance, and establishing accountability structures for IT leadership.

Q3 Medium

What is a key difference between IT governance and IT management?

  • A IT management is only performed by the CIO while IT governance involves multiple stakeholders
  • B IT governance is only concerned with security while IT management handles all other functions
  • C IT governance ensures accountability and value delivery; IT management executes the strategies set by governance ✓ Correct
  • D IT governance focuses on day-to-day operations while IT management focuses on strategy
Explanation

IT governance establishes the framework, accountability, and decision rights for IT strategy and resource allocation. IT management executes those strategies through operational and tactical activities.

Q4 Medium

Which stakeholder group should primarily be responsible for defining the organization's IT vision and strategy?

  • A The CIO acting independently without board input
  • B External consultants hired specifically for strategy development
  • C The IT department exclusively
  • D Senior business executives in collaboration with IT leadership ✓ Correct
Explanation

IT strategy must be collaboratively developed by business and IT leadership to ensure alignment with organizational objectives. This partnership ensures that IT investments support business priorities while remaining technically feasible.

Q5 Medium

What is the primary role of an IT governance committee or steering committee?

  • A To provide oversight, direction, and accountability for IT investments and strategic initiatives ✓ Correct
  • B To handle all IT technical troubleshooting and support issues
  • C To eliminate the need for a CIO position within the organization
  • D To manage individual IT project schedules and budgets at the operational level
Explanation

An IT governance or steering committee provides strategic oversight, ensures alignment with business objectives, approves major investments, and maintains accountability for IT performance and outcomes.

Q6 Medium

Which of the following is a critical component of an effective enterprise IT governance framework?

  • A Annual board meetings to review IT matters once per year
  • B Elimination of all risk through complete restriction of IT system usage
  • C Centralized control of all IT decisions at the executive level with no delegation
  • D Clear definition of roles, responsibilities, and decision rights across the organization ✓ Correct
Explanation

Effective governance requires explicit clarity on who makes decisions, who is accountable, and who provides input. Well-defined roles and responsibilities prevent gaps and overlaps in accountability.

Q7 Medium

In the context of IT governance, what does 'accountability' mean?

  • A The complete elimination of all errors in IT systems
  • B The ability to blame individuals when things go wrong
  • C The authority to make all IT decisions without any oversight
  • D The responsibility to report on performance, outcomes, and adherence to governance policies and procedures ✓ Correct
Explanation

Accountability involves responsibility for results, transparent reporting on performance against objectives, and compliance with governance frameworks. It creates transparency and enables effective oversight.

Q8 Medium

Which framework is most commonly used globally for establishing comprehensive IT governance practices?

  • A ISO 27001 for all governance needs
  • B Project Management Institute (PMI) standards
  • C COBIT, often combined with ISO/IEC 38500 principles ✓ Correct
  • D ITIL exclusively
Explanation

COBIT provides a comprehensive governance and management framework for IT, while ISO/IEC 38500 offers governance principles. Together they provide a robust foundation for enterprise IT governance globally.

Q9 Medium

What is the relationship between business strategy and IT strategy in a well-governed organization?

  • A IT strategy should directly support and enable the achievement of business strategy and objectives ✓ Correct
  • B Business strategy and IT strategy should be developed separately and integrated only during implementation
  • C IT strategy should be completely independent of business strategy to maintain IT autonomy
  • D Business strategy dictates all IT decisions without input from IT professionals
Explanation

In effective governance, IT strategy is derived from and aligned with business strategy. IT enables business objectives and competitive advantage while business strategy informs IT priorities and investments.

Q10 Easy

Which of the following best represents a key benefit of implementing enterprise IT governance?

  • A It guarantees that no IT security incidents will ever occur
  • B It increases IT spending to fund additional technology initiatives
  • C It enables better alignment of IT investments with business goals and improved decision-making ✓ Correct
  • D It eliminates the need for IT risk management practices
Explanation

Governance frameworks enable organizations to align IT with business strategy, make informed investment decisions, prioritize initiatives, and demonstrate value realization from IT spending.

Q11 Medium

In enterprise IT governance, what does 'transparency' require?

  • A Providing clear, timely information about IT decisions, performance, and outcomes to appropriate stakeholders ✓ Correct
  • B Eliminating all confidential information from IT reporting
  • C Publishing complete IT system source code publicly on the internet
  • D Making all IT decisions visible only to the board of directors
Explanation

Transparency means stakeholders have appropriate visibility into IT decision-making processes, performance metrics, and results. This enables informed oversight and builds confidence in IT governance.

Q12 Hard

What is a primary challenge in implementing IT governance across a geographically distributed organization?

  • A Ensuring consistent governance policies and controls are applied across all locations while respecting local business conditions and regulations ✓ Correct
  • B Eliminating IT services in remote locations to simplify governance
  • C Making all IT decisions from headquarters without any local input or flexibility
  • D Having each location develop completely independent governance frameworks
Explanation

Distributed organizations must establish consistent governance principles and standards while allowing flexibility for local conditions, regulatory requirements, and business needs. This balance maintains control while respecting regional differences.

Q13 Hard

Which of the following is an example of a key performance indicator (KPI) that would be appropriate for measuring IT governance effectiveness?

  • A The total number of IT staff members employed by the organization
  • B The percentage of IT-enabled business initiatives that achieved their planned business outcomes ✓ Correct
  • C The number of IT support tickets resolved per week
  • D The age of the organization's IT hardware equipment
Explanation

Effective KPIs for IT governance measure business value realization, strategic alignment, and outcome achievement. Operational metrics like ticket volume are management metrics, not governance metrics.

Q14 Hard

What role does the board of directors play in enterprise IT governance?

  • A The board's involvement in IT governance is optional and not necessary for organizational success
  • B The board should micromanage all IT operational decisions and activities
  • C The board provides oversight of IT governance, ensures IT strategy supports business objectives, and receives regular reporting on IT performance and risk ✓ Correct
  • D The board should focus exclusively on financial and legal matters, leaving IT to IT professionals
Explanation

The board is ultimately accountable for ensuring that IT governance is effective and that IT contributes to organizational success. Board-level IT oversight is a critical component of enterprise governance.

Q15 Medium

In IT governance, what is meant by 'segregation of duties'?

  • A Ensuring that no single individual has control over an entire critical IT process from authorization through execution ✓ Correct
  • B Separating IT staff into different physical office locations
  • C Dividing IT into separate business units that do not communicate
  • D Preventing IT staff from working on multiple projects simultaneously
Explanation

Segregation of duties is a control mechanism that requires different people to authorize, approve, execute, and verify critical IT processes. This prevents fraud, errors, and unauthorized changes.

Q16 Hard

Which governance principle emphasizes making decisions at the appropriate organizational level closest to where execution occurs?

  • A Hierarchical authority principle
  • B Delegation and subsidiarity principle ✓ Correct
  • C Executive dominance principle
  • D Centralization principle
Explanation

Subsidiarity suggests that decisions should be made at the lowest appropriate organizational level, with centralized governance setting policy while allowing operational flexibility at lower levels. This improves decision quality and responsiveness.

Q17 Medium

What is the primary purpose of an IT governance maturity model?

  • A To eliminate the need for ongoing governance improvements
  • B To assess the current state of IT governance and identify opportunities for improvement toward a target maturity level ✓ Correct
  • C To reduce the complexity of IT governance by focusing on fewer processes
  • D To guarantee that all IT governance processes will be perfect
Explanation

Maturity models provide a structured way to evaluate governance capabilities and progression. Organizations use them to identify strengths, gaps, and improvement priorities to enhance governance effectiveness.

Q18 Medium

In the context of IT governance, what should be the relationship between governance and compliance?

  • A Governance and compliance are unrelated concepts that should be managed separately
  • B Compliance is the sole focus of IT governance with no other objectives
  • C Governance provides the framework; compliance demonstrates adherence to that framework and applicable regulations ✓ Correct
  • D Compliance requirements should be ignored if they conflict with governance objectives
Explanation

Governance establishes policies, controls, and structures. Compliance demonstrates that the organization is adhering to those governance structures and meeting regulatory/policy requirements. They work together.

Q19 Medium

Which of the following represents an appropriate governance concern regarding IT vendor management?

  • A Avoiding vendor contracts to prevent any governance obligations related to vendor performance
  • B Ensuring vendor selection processes are transparent and follow established criteria aligned with business needs and risk tolerance ✓ Correct
  • C Allowing individual IT staff members to independently select and contract with vendors without oversight
  • D Selecting vendors exclusively based on the lowest price without considering capability or risk factors
Explanation

Good IT governance ensures that vendor selection follows defined processes, considers business requirements and risk factors, and establishes clear accountability. Vendor management is a key governance concern.

Q20 Medium

What is a critical success factor for establishing effective IT governance in an organization?

  • A Strong commitment and visible support from senior business and IT leadership demonstrating the importance of governance ✓ Correct
  • B Implementing governance frameworks without communicating rationale or expectations to staff
  • C Establishing governance structures that operate independently from the organization's business strategy and objectives
  • D Resistance from business leaders who prefer to avoid IT governance oversight
Explanation

Executive sponsorship and commitment are essential for successful governance implementation. When leadership demonstrates support, organizations more readily adopt governance practices and achieve better outcomes.

Q21 Medium

In IT governance, what does 'value realization' primarily refer to?

  • A The reduction of all IT costs regardless of business impact
  • B The technical performance metrics of IT systems and infrastructure
  • C The number of new IT technologies deployed in the organization
  • D The extent to which IT investments deliver expected business benefits and contribute to organizational objectives ✓ Correct
Explanation

Value realization in governance contexts means measuring whether IT investments actually deliver the expected business benefits, cost savings, revenue growth, or strategic advantages that justified the investment.

Q22 Medium

Which governance practice helps ensure that IT decisions are informed by appropriate risk considerations?

  • A Ignoring all risks to enable faster decision-making and innovation
  • B Implementing a structured risk assessment and management process as part of the governance framework ✓ Correct
  • C Delegating all risk decisions exclusively to the IT security team
  • D Making all IT decisions risk-free by avoiding any new initiatives or changes
Explanation

Effective governance incorporates risk assessment into decision-making processes. Organizations should identify, assess, and manage IT risks while maintaining reasonable risk tolerance for business opportunities.

Q23 Hard

What is the primary distinction between a governance framework and a governance model?

  • A Frameworks and models are identical terms used interchangeably
  • B Frameworks are outdated while models represent the latest governance approaches
  • C Models are used only for small organizations while frameworks are for large enterprises
  • D A framework provides the overall structure and principles; a model demonstrates how those principles are implemented and operated in practice ✓ Correct
Explanation

A governance framework establishes the overall structure, principles, and guidelines. A governance model shows how those framework elements are actually implemented, operated, and adapted within a specific organization.

Q24 Hard

In enterprise IT governance, what is the primary reason for establishing clear escalation procedures?

  • A To eliminate accountability for decision outcomes
  • B To ensure that problematic decisions or issues are addressed by appropriate authority levels with sufficient power to resolve them ✓ Correct
  • C To ensure that all decisions must be approved by the highest executive level regardless of their significance
  • D To increase bureaucracy and slow down organizational decision-making
Explanation

Clear escalation procedures ensure that issues requiring senior attention receive it, that authority is matched to decision importance, and that bottlenecks are avoided by handling routine matters at operational levels.

Q25 Easy

Which of the following BEST describes the primary purpose of IT governance?

  • A To ensure IT investments deliver business value and support organizational objectives ✓ Correct
  • B To create detailed documentation for all IT processes and procedures
  • C To implement technical controls and security patches across all systems
  • D To establish IT department reporting structures and management hierarchies
Explanation

IT governance is fundamentally about ensuring IT creates value for the business and supports strategic goals. While the other options are IT management activities, governance focuses on direction, accountability, and value delivery.

Q26 Medium

An organization implements an IT governance framework. What is the MOST critical success factor for this implementation?

  • A Selection of the most comprehensive framework available in the market
  • B Alignment with business strategy and organizational culture ✓ Correct
  • C Establishment of a dedicated IT governance office with extensive staffing
  • D Complete documentation of all IT processes within the first quarter
Explanation

Successful IT governance implementation requires alignment with the organization's business strategy and culture. A framework misaligned with business needs or organizational context will fail regardless of comprehensiveness or documentation completeness.

Q27 Medium

Which governance structure is MOST appropriate for an organization with multiple business units operating in different geographic regions?

  • A Completely decentralized governance allowing each region full IT independence
  • B Centralized IT governance with all decisions made by headquarters IT leadership
  • C Matrix governance reporting IT leaders to both regional and functional management
  • D Federated governance model balancing central standards with local business unit autonomy ✓ Correct
Explanation

Federated governance allows organizations to maintain enterprise-wide standards and risk management while accommodating regional business requirements and local decision-making. It balances consistency with flexibility.

Q28 Medium

In the context of IT governance, what does 'accountability' primarily mean?

  • A Clear assignment of responsibility for IT decisions and outcomes, with consequences for performance ✓ Correct
  • B Regular reporting of IT metrics to the board of directors and external stakeholders
  • C Documentation of who performed each technical task within the IT department
  • D The ability to track and audit all IT expenditures and resource allocation
Explanation

Accountability in IT governance means individuals and groups have clearly defined responsibilities for decisions and outcomes, and there are mechanisms to enforce performance expectations. This goes beyond mere tracking to include answerability and consequences.

Q29 Medium

Which of the following represents a KEY responsibility of the board of directors regarding IT governance?

  • A Managing day-to-day IT operations and resolving technical issues within the IT department
  • B Approving the detailed IT project budget allocations and technical architecture decisions
  • C Selecting specific technology vendors and approving individual purchase orders for IT equipment
  • D Overseeing IT governance and ensuring management implements effective IT controls and risk management ✓ Correct
Explanation

The board's role in IT governance is strategic oversight—ensuring management establishes governance structures, manages IT risks, and delivers IT value. Detailed budget approvals and vendor selection are management responsibilities, not board-level decisions.

Q30 Easy

An organization is evaluating IT governance frameworks. Which framework is PRIMARILY designed to address information security and control objectives?

  • A COBIT
  • B PRINCE2
  • C ISO 27001 ✓ Correct
  • D ITIL
Explanation

ISO 27001 is specifically designed for information security management systems and control objectives. While COBIT addresses IT governance broadly, ITIL focuses on service management, and PRINCE2 focuses on project management.

Q31 Medium

When an organization experiences a significant IT governance failure, what is the MOST important action to prevent recurrence?

  • A Allocate substantial budget increases to the IT department to improve capabilities
  • B Immediately replace the IT leadership team with new personnel from external sources
  • C Conduct a comprehensive root cause analysis and implement systemic governance improvements ✓ Correct
  • D Increase IT compliance audits and create more detailed documentation requirements
Explanation

Effective governance improvement requires understanding the underlying causes of failure—whether structural, cultural, or process-related—and addressing those systematically. Personnel replacement or budget increases alone cannot fix governance issues without identifying root causes.

Q32 Medium

Which of the following BEST describes the relationship between IT governance and IT management?

  • A IT governance is the responsibility of IT managers, while IT management is the responsibility of the board
  • B IT governance and IT management are interchangeable terms referring to the same practices
  • C IT management is a subset of IT governance focusing solely on technical operations
  • D IT governance sets the direction and accountability framework; IT management executes within that framework ✓ Correct
Explanation

IT governance establishes goals, accountability, and decision-making frameworks, while IT management implements and executes the day-to-day activities within that governance structure. They are complementary but distinct.

Q33 Easy

An organization establishes an IT steering committee. What is the PRIMARY purpose of this committee?

  • A To document all IT policies and procedures for compliance with regulatory requirements
  • B To make strategic IT decisions and align IT investments with business priorities ✓ Correct
  • C To supervise all IT department employees and approve their performance evaluations
  • D To implement technical controls and manage IT security incidents
Explanation

An IT steering committee serves as a governance body making strategic decisions about IT direction, investment priorities, and alignment with business strategy. It is not an operational management body for IT employees.

Q34 Hard

Which governance mechanism is MOST effective in ensuring IT investments generate measurable business value?

  • A Implementing strict IT budgeting controls and cost reduction initiatives
  • B Creating comprehensive IT policies requiring extensive documentation of all IT initiatives
  • C Establishing clear IT service level agreements with financial penalties for non-compliance
  • D Defining IT portfolio management with business case assessment and post-implementation reviews ✓ Correct
Explanation

IT portfolio management with rigorous business case analysis before investment and post-implementation reviews ensures IT investments deliver expected business value. This provides both before and after assessment of value realization.

Q35 Medium

In IT governance, what does 'transparency' primarily contribute to?

  • A Reduction in IT operational costs through process automation and efficiency improvements
  • B Compliance with regulatory requirements for data protection and information security
  • C The ability to monitor and audit all IT systems and network traffic
  • D Clear visibility into IT decisions, performance, and resource utilization enabling informed stakeholder assessment ✓ Correct
Explanation

Transparency in IT governance means stakeholders have clear visibility into how IT decisions are made, how resources are used, and what IT is delivering. This enables business leaders to assess IT's contribution to organizational goals.

Q36 Hard

An organization is implementing risk management as part of its IT governance. Which approach BEST integrates risk management with IT decision-making?

  • A Risk evaluation is embedded into business case development and investment approval processes ✓ Correct
  • B Risk assessments are performed annually and reported separately from IT investment decisions
  • C IT leadership maintains a separate risk register that is reviewed independently by the compliance department
  • D Risk management focuses exclusively on cybersecurity threats and compliance violations
Explanation

Effective IT governance integrates risk assessment into decision-making processes. When risk evaluation is embedded in business case and investment approval decisions, risk becomes central to IT governance rather than a separate function.

Q37 Medium

Which of the following is a PRIMARY indicator that an organization's IT governance is NOT functioning effectively?

  • A IT investments frequently fail to deliver expected business benefits and there is unclear accountability for outcomes ✓ Correct
  • B IT policy documentation requires periodic updates and revisions based on business changes
  • C The CIO reports to the CFO rather than directly to the CEO
  • D The organization uses multiple IT frameworks rather than a single comprehensive framework
Explanation

Failed IT investments without clear accountability indicate governance failure. Reporting structures and framework selection matter less than whether IT delivers value and there is clear accountability. Regular policy updates indicate healthy governance adaptation.

Q38 Medium

An organization establishes a formal IT governance framework. What is the MOST important first step?

  • A Establishing an IT governance office and assigning dedicated personnel to governance activities
  • B Creating detailed policies and procedures for every IT activity across the organization
  • C Assessing the current state of IT governance, defining the target state, and gaining stakeholder buy-in ✓ Correct
  • D Selecting and purchasing a comprehensive governance software tool for documentation and tracking
Explanation

Effective governance implementation begins with assessment and stakeholder alignment. Understanding the current state, defining desired outcomes, and gaining buy-in from leadership creates the foundation for successful governance. Tools and offices follow from clear governance strategy.

Q39 Hard

Which governance principle is MOST critical when IT must balance innovation with risk management?

  • A Risk-informed decision-making—explicitly evaluating risk versus business benefit to guide investments ✓ Correct
  • B Risk elimination—implementing extensive controls that prevent all potential adverse outcomes
  • C Risk avoidance—declining all IT initiatives that carry any level of risk
  • D Risk acceptance—implementing all proposed IT innovations regardless of identified risks
Explanation

Effective IT governance requires explicit evaluation of risk against expected business benefits, allowing organizations to pursue valuable innovations while managing risks appropriately. Avoiding all risk stifles innovation; accepting all risk creates unmanaged exposure.

Q40 Medium

In IT governance, what is the purpose of establishing IT performance metrics and KPIs?

  • A To measure how well IT delivers services and achieves business objectives, enabling accountability and improvement ✓ Correct
  • B To comply with regulatory requirements mandating IT performance reporting
  • C To justify IT department budgets and headcount to executive leadership annually
  • D To identify underperforming IT employees and determine appropriate disciplinary actions
Explanation

IT metrics and KPIs are governance tools that measure IT's delivery of services and contribution to business objectives. They enable accountability, identify improvement opportunities, and support informed decision-making about IT investments.

Q41 Medium

An organization's IT governance must address which of the following stakeholder groups?

  • A All employees across the organization who use IT services
  • B Exclusively external auditors and regulatory bodies that oversee IT compliance
  • C The board, executive management, business unit leaders, IT leadership, and external stakeholders when relevant ✓ Correct
  • D Only the IT department and CIO leadership
Explanation

IT governance must address multiple stakeholder groups including board oversight, executive decision-making, business unit alignment, IT execution, and external stakeholders (regulators, auditors, partners). Each has different governance interests and roles.

Q42 Hard

Which of the following BEST explains why IT governance should be integrated with enterprise governance rather than kept separate?

  • A Integration allows the board to reduce its oversight responsibilities for IT matters
  • B IT governance is too complex for general governance frameworks and requires specialized oversight
  • C Separate IT governance reduces conflicts between IT and business leadership
  • D IT increasingly impacts all business processes, risk, and strategy, making integration essential for organizational effectiveness ✓ Correct
Explanation

Modern IT is pervasive across enterprise operations, strategy, and risk. Integration of IT governance with enterprise governance ensures IT considerations are embedded in business decision-making and enterprise risk management rather than siloed.

Q43 Easy

What is a KEY advantage of establishing clear IT governance roles and responsibilities?

  • A It reduces the overall cost of IT operations through elimination of duplicate functions
  • B It allows the organization to operate without formal IT oversight or board involvement
  • C It ensures accountability for IT decisions and outcomes, reducing ambiguity and conflict ✓ Correct
  • D It eliminates the need for IT policies and procedures documentation
Explanation

Clear roles and responsibilities eliminate ambiguity about who makes decisions, who is accountable for outcomes, and what authority each person or group has. This reduces conflict and ensures accountability—core governance principles.

Q44 Hard

An organization experiences persistent IT project failures despite implementing PRINCE2 project management methodology. What might this indicate about the organization's IT governance?

  • A Project management methodology alone is insufficient; governance issues may include poor portfolio management or business alignment ✓ Correct
  • B PRINCE2 is not appropriate for the organization and should be replaced with Agile methodology
  • C The organization should reduce IT spending to match the current capability of the IT department
  • D PRINCE2 implementation was not comprehensive enough and requires additional training for all staff
Explanation

Project management methodology addresses individual project execution but doesn't address enterprise-level governance issues like portfolio prioritization, business strategy alignment, or governance decision-making. Failed projects may indicate governance problems beyond project management.

Q45 Medium

Which of the following is an appropriate use of IT governance frameworks like COBIT?

  • A As a reference model that organizations can adapt to their specific business context and maturity level ✓ Correct
  • B As a prescriptive mandate requiring organizations to implement every process identically
  • C As a purely technical standard for implementing IT infrastructure and architecture
  • D As a replacement for industry-specific regulations and compliance requirements
Explanation

IT governance frameworks are reference models intended for adaptation, not prescriptive mandates. Organizations should tailor frameworks to their context, business model, risk profile, and maturity level rather than implementing them identically.

Q46 Hard

When IT governance decisions result in conflicts between business units with competing priorities, how should this be MOST appropriately resolved?

  • A Give priority to the business unit with the largest budget or most senior executive sponsorship
  • B Escalate all conflicts to the board of directors for resolution on a case-by-case basis
  • C Allow each business unit to implement its own IT solutions independent of other units
  • D Through formal governance mechanisms that evaluate business impact, strategic alignment, and risk for prioritization decisions ✓ Correct
Explanation

Effective governance establishes formal decision-making mechanisms that evaluate all relevant factors (business impact, strategy alignment, risk, resource availability) to prioritize competing demands fairly. This prevents conflicts from being resolved through politics or seniority.

Q47 Medium

An organization's IT governance includes a requirement for 'IT investment review' before major projects begin. What is the PRIMARY governance purpose of this control?

  • A To guarantee that the project will be completed on schedule and within budget constraints
  • B To ensure the IT department has sufficient staffing to execute the proposed project
  • C To verify that IT investments are properly aligned with business strategy, justified by business case, and have appropriate governance approval ✓ Correct
  • D To confirm that the project uses approved technologies consistent with the IT architecture standards
Explanation

Investment review is a governance control ensuring decisions are made at appropriate levels, business cases justify investments, and alignment with strategy is confirmed. It doesn't guarantee execution success but ensures disciplined decision-making.

Q48 Hard

Which of the following represents a MATURE approach to IT governance in managing IT risk?

  • A Implementing a risk management process that identifies, assesses, and monitors IT risks within acceptable organizational tolerance ✓ Correct
  • B Avoiding all IT innovations and changes that could introduce new risks to the organization
  • C Requiring IT security department approval for every operational decision before implementation
  • D Transferring all IT risk to external cloud providers and third-party vendors
Explanation

Mature IT governance includes systematic risk management that identifies risks, assesses them against organizational risk tolerance, and monitors ongoing exposure. This balances value creation with appropriate risk management rather than avoiding risk or delegating all responsibility.

Q49 Medium

An organization implements IT governance but finds that IT leadership interprets governance requirements differently than business leadership intends. What does this MOST likely indicate?

  • A There is insufficient communication, alignment, and clarity in governance policies and expectations ✓ Correct
  • B The organization's business strategy is too ambiguous to support effective IT governance
  • C IT leadership is intentionally resisting governance implementation and requires disciplinary action
  • D The governance framework selected is inadequate and should be replaced immediately
Explanation

Interpretation differences indicate a governance communication and alignment problem. Effective governance requires clear, explicit communication of expectations, purposes, and requirements so all parties share understanding.

Q50 Medium

An organization is implementing a new enterprise resource planning (ERP) system. Which governance mechanism would be most effective in ensuring alignment between IT investments and business strategy?

  • A Delegating all IT investment decisions to the CIO without business input
  • B Implementing a help desk ticketing system for issue tracking
  • C Creating a centralized IT help desk to manage user requests
  • D Establishing an IT steering committee with representation from both business and IT leadership ✓ Correct
Explanation

An IT steering committee ensures that IT investments are evaluated and prioritized based on business strategic objectives and creates alignment between IT and business leaders through collaborative decision-making.

Q51 Medium

Which of the following best describes the primary purpose of an IT balanced scorecard in enterprise governance?

  • A To document all IT policies and procedures for compliance purposes
  • B To measure IT performance across financial, customer, internal process, and learning perspectives aligned with business strategy ✓ Correct
  • C To track the financial performance of IT vendors
  • D To monitor individual employee IT skills and competencies
Explanation

The IT balanced scorecard translates strategy into measurable objectives across multiple dimensions, enabling organizations to assess whether IT investments and initiatives are delivering strategic value and supporting business goals.

Q52 Easy

An enterprise must determine the appropriate level of IT governance formality for its operations. Which factor should have the LEAST influence on this decision?

  • A The size and complexity of the organization
  • B The color scheme preferences of the CIO's office ✓ Correct
  • C The organization's risk appetite and exposure to IT-related risks
  • D Regulatory and compliance requirements applicable to the industry
Explanation

Governance formality should be driven by business needs, regulatory requirements, organizational complexity, and risk factors—not by personal preferences. The color scheme of an office has no bearing on governance framework decisions.

Q53 Medium

When establishing IT governance for a multinational corporation, which approach best addresses the challenge of maintaining consistency while respecting local regulatory differences?

  • A Establish governance only at headquarters and eliminate regional IT decision-making authority entirely
  • B Implement identical IT policies across all locations without modification
  • C Allow each regional office complete autonomy in IT governance decisions
  • D Define core IT governance principles globally while permitting local adaptations to comply with regional regulations and business contexts ✓ Correct
Explanation

This federated approach balances organizational consistency with local flexibility, ensuring compliance with local regulations while maintaining strategic alignment and reducing duplication of governance efforts across regions.

Q54 Hard

An organization experiences frequent conflicts between the IT department and business units regarding IT resource allocation. What governance structure would most effectively resolve this ongoing tension?

  • A Eliminating formal governance and allowing business units to procure IT services independently from external vendors
  • B Establishing a portfolio management governance process with clearly defined criteria for evaluating and prioritizing IT investments across business units ✓ Correct
  • C Increasing the authority of the IT department to unilaterally make all resource allocation decisions
  • D Implementing a chargeback model where business units pay directly for IT services consumed
Explanation

Portfolio management governance provides transparent criteria for evaluating competing demands, enables objective prioritization aligned with business strategy, and creates accountability while improving resource allocation decisions.

Q55 Medium

Which governance mechanism is most critical for ensuring that IT service delivery meets defined business requirements and performance expectations?

  • A Quarterly updates to the IT asset inventory
  • B Annual IT budget reviews conducted by the finance department
  • C Service level agreements (SLAs) that establish clear performance targets and remedies for non-compliance ✓ Correct
  • D Regular vendor audits to assess supplier financial stability
Explanation

SLAs establish the contract between IT service providers and business consumers, defining expectations, performance metrics, and accountability measures that directly ensure services meet business requirements.

Q56 Hard

An enterprise is designing its IT governance framework and must decide on the appropriate reporting structure for the chief information officer. Which reporting relationship would provide the strongest governance outcome?

  • A Reporting to the head of operations for operational efficiency
  • B Reporting to the general counsel for compliance and risk management
  • C Reporting directly to the chief executive officer or board level to ensure IT strategy alignment with overall business strategy ✓ Correct
  • D Reporting to the chief financial officer for cost management
Explanation

CIO reporting to the CEO or board ensures IT governance is elevated to strategic decision-making levels, strengthens IT's voice in business strategy formulation, and facilitates enterprise-wide alignment of IT with organizational objectives.

Q57 Hard

When implementing IT governance, an organization discovers that IT and business leadership have significantly different perspectives on priorities and risk tolerance. What is the most appropriate first step to address this misalignment?

  • A Establish separate governance structures for IT and business to avoid conflicts
  • B Implement the IT leadership's priorities immediately to maintain IT system stability
  • C Conduct workshops and assessments to understand business strategy, IT capabilities, current state maturity, and develop a shared governance vision and roadmap ✓ Correct
  • D Replace key IT leaders who disagree with business priorities
Explanation

Understanding root causes of misalignment through structured assessment and collaborative workshops builds mutual understanding, creates shared commitment to governance objectives, and increases the likelihood of successful implementation.

Q58 Medium

In a matrix organizational structure, which governance consideration is most important for IT decision-making authority?

  • A Clearly defined decision rights must be established that specify who has authority for different IT-related decisions in both functional and business unit dimensions ✓ Correct
  • B IT decisions should always be made by the functional IT organization without consulting business unit leaders
  • C The organization should eliminate matrix structures to simplify IT governance
  • D Business units should have complete autonomy to make all IT decisions independently
Explanation

In matrix organizations, ambiguous decision rights create confusion and conflict; explicitly documenting decision authorities for IT governance decisions across both dimensions reduces friction and enables effective decision-making.

Q59 Easy

An organization is assessing whether its IT governance framework is effective. Which metric would be LEAST appropriate as an indicator of governance effectiveness?

  • A The percentage of IT projects that deliver expected business benefits within budget and schedule
  • B The number of IT governance committee meetings held per quarter ✓ Correct
  • C The reduction in unplanned IT downtime affecting critical business processes
  • D The alignment between IT strategy and business strategy as assessed by stakeholder surveys
Explanation

The frequency of meetings is an activity metric, not an outcome metric; effective governance is measured by business results, stakeholder satisfaction, and value delivery—not by the number of meetings held.
