Isaca Updated CGEIT Exam Questions and Answers by alvin

A risk register is a tool that records and tracks the risks associated with a project or an activity, such as developing consumer-based services using emerging technologies involving sensitive personal data. A risk register typically includes information such as the risk description, category, impact, probability, status, response strategy, and owner. Reviewing the risk register will enable the CIO to make the best decision for the customers, as it will help them to identify, assess, and prioritize the risks that may affect the security, privacy, and quality of the services, and to determine the appropriate actions to mitigate or avoid them. The other options are not as relevant, as they do not provide specific information about the risks involved in the project or activity. References: : CGEIT Review Manual (Digital Version), Chapter 4: Risk Optimization, Section 4.3: IT Risk Management, Subsection 4.3.2: IT Risk Management Process, Page 156 : CGEIT Review Manual (Digital Version), Chapter 4: Risk Optimization, Section 4.3: IT Risk Management, Subsection 4.3.3: IT Risk Management Techniques and Tools, Page 158 : Capability Maturity Model and Risk Register Integration1

Business innovation is the process of creating new or improved products, services, processes, or business models that create value for the organization and its customers. IT can enable business innovation by providing the tools, platforms, data, and capabilities that support the generation, implementation, and diffusion of innovative ideas. However, IT alone cannot drive business innovation; it requires a close collaboration and alignment between IT and business. Therefore, IT participation in business strategy development is the best way to enable business innovation through IT, because it can help to ensure that IT understands the business goals and needs, that IT contributes to the identification and evaluation of opportunities and challenges, that IT provides feasible and effective solutions and recommendations, and that IT supports the execution and monitoring of the innovation initiatives123. References: How to Drive Business Innovation Through IT. How to Enable Business Innovation with IT. Business Innovation: What It Is and How to Achieve It.

 A change in business strategy may require a change in IT governance structure to align with the new direction and objectives of the organization. The other options are not the primary impact of a business strategy change, but rather the outcomes or consequences of IT governance. References := ISACA, CGEIT Review Manual, 27th Edition, 2020, page 10.

 Enterprise architecture (EA) is the most important input for managing the risk associated with creating a mobile application, because it provides a holistic view of the current and future state of the enterprise’s IT environment, including its goals, principles, standards, policies, processes, technologies, and systems. EA helps to identify the gaps, dependencies, constraints, and opportunities for the mobile application initiative, and to align it with the enterprise’s strategic objectives and business requirements. EA also helps to assess the impact of the mobile application on the existing IT infrastructure, security, performance, and compliance. By using EA as an input for IT risk management, the enterprise can ensure that the mobile application is designed, developed, deployed, and maintained in a consistent, coherent, and optimal way that minimizes the potential risks and maximizes the expected benefits. The other options are not the most important input for managing the risk associated with creating a mobile application, but rather some of the outputs or outcomes of IT risk management. An IT risk scorecard is a tool that measures and reports the performance of IT risk management activities and controls. An enterprise risk appetite is a statement that defines the level and type of risk that an enterprise is willing to accept or avoid in pursuit of its objectives. Business requirements are the specifications that describe what the mobile application should do and how it should meet the needs and expectations of the users and stakeholders. References := ISACA, CGEIT Review Manual, 27th Edition, 2020, page 15; Enterprise Architecture as Business Capabilities Architecture