Isaca Updated CGEIT Exam Questions and Answers by murphy

This is because performance metrics are measurable values that indicate how well the IT assets are performing in terms of functionality, quality, efficiency, and effectiveness1. By implementing performance metrics for key IT assets, the organization can:

Monitor and review the IT assets’ progress, performance, quality, and outcomes

Highlight the IT assets’ achievements, challenges, and opportunities

Demonstrate the alignment of the IT assets with the IT strategy, goals, and priorities

Provide recommendations and feedback for the IT assets’ improvement and adjustment

Implementing performance metrics for key IT assets can help the organization determine the contribution of IT assets in achievement of IT goals, and ensure that they deliver value to the business.

The other options, establishing the span of control during the life cycle of IT assets, determining the average cost of controls for protection of IT assets, and comparing the performance of IT assets against industry best practices are not as beneficial as determining the contribution of IT assets in achievement of IT goals for implementing performance metrics for key IT assets. They are more related to specific aspects or outcomes of IT asset management, rather than a holistic and strategic benefit. They may also not be relevant or applicable to all types or categories of IT assets. They may not address the full scope or potential of IT asset improvement and optimization. References := What Is an IT Asset Management KPI? | Filewave, Performance Measurement Metrics for IT Governance - ISACA

Comprehensive and Detailed Explanation:

The CGEIT Review Manual 8th Edition, in its Governance of Enterprise IT domain, addresses data retention policies and exceptions, particularly in regulated environments. Retaining data beyond policy is acceptable when legally justified, such as a high probability of litigation, where data may be required as evidence. This ensures compliance with legal obligations and avoids penalties. The manual likely references COBIT 2019’s BAI09-Managed Assets, which includes data retention for legal purposes.

Option A: Analytics model does not justify violating policy, as analytics can use anonymized data.

Option C: Expected regulations are speculative and not a valid exception.

Option D: Database upgrade is technical and unrelated to retention policy exceptions.

Double Verification: The answer aligns with COBIT’s BAI09 and the CGEIT domain’s focus on compliance. Litigation is a standard ISACA exception for data retention.

ISACA CGEIT Review Manual 8th Edition, Domain 1: Governance of Enterprise IT (focus on data governance).

COBIT 2019, BAI09-Managed Assets.

ISACA Glossary (for definitions of data retention), available at https://www.isaca.org/resources/glossary.

 A common risk management taxonomy is a set of terms and definitions that are used consistently across the enterprise to describe, measure, and report on risks. A common risk management taxonomy is essential for integrating IT risk with the ERM framework, as it enables a common understanding of risk concepts, categories, and levels among different stakeholders and functions. A common risk management taxonomy also facilitates the aggregation and comparison of risks across the enterprise, and supports the alignment of risk appetite and tolerance with business objectives12. References: 1: Integrated Enterprise IT Risk Management (ERM) Programs - CohnReznick3 2: Introducing Risk Taxonomy - ISACA4

When enterprise strategy changes, themost important action for the CIO is to review the portfolio of current and planned IT projectsto ensure alignment with the new strategic direction. This ensures that resources are being allocated to initiatives that support updated goals and that outdated or misaligned projects are reevaluated.

Performance plans and historical budgets offer context butdo not directly enable strategic realignment.