Isaca Updated CGEIT Exam Questions and Answers by oliwia

The BEST method for the IT strategy committee to evaluate how well the IT department supports the business strategy is to use IT balanced scorecard reporting. An IT balanced scorecard (BSC) is a strategic management tool that translates the IT vision and mission intomeasurable objectives, indicators, targets, and initiatives across four perspectives: financial, customer, internal process, and learning and growth1. An IT balanced scorecard reporting is a process of collecting, analyzing, and communicating the performance data and results of the IT department based on the IT BSC framework2. An IT balanced scorecard reporting can help to:

Align the IT objectives and activities with the business strategy and expectations3

Monitor and evaluate the efficiency, effectiveness, and value of the IT department

Identify the strengths, weaknesses, opportunities, and threats of the IT department

Communicate and demonstrate the contribution and impact of the IT department to the business outcomes

Therefore, an IT balanced scorecard reporting is the most suitable method for the IT strategy committee to assess how well the IT department supports the business strategy.

The other options are not as good as option C. While it is useful to conduct a capability maturity assessment, a customer survey analysis, or an IT controls assurance program, these are not comprehensive enough to evaluate how well the IT department supports the business strategy. They are rather focused on specific aspects of the IT department, such as its processes, services, or controls. They do not necessarily cover all four perspectives of the IT BSC framework, which provide a holistic view of the IT performance and alignment with the business strategy. References :=

The IT Balanced Scorecard (BSC) Explained - BMC Software1

What Is a Balanced Scorecard (BSC), How Is it Used in Business?2

How to Align Your Business Strategy with Your Technology Strategy …3

How to Measure Your Strategic Plan’s Success - dummies

SWOT Analysis: What It Is and When to Use It - Business News Daily

How to Communicate Strategy Effectively - ClearPoint Strategy

 Privacy requirements should be the most important consideration for a hospital planning to use cloud services and mobile applications, because they involve the protection of sensitive and personal health information (PHI) of the patients and staff. PHI is a type of data that is subject to strict regulations and standards, such as the Health Insurance Portability and Accountability Act (HIPAA) in the US1, the General Data Protection Regulation (GDPR) in the EU2, and the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada3. These regulations and standards require the hospital to ensure that PHI is collected, stored, processed, and transmitted in a secure and compliant manner, and that the rights and consent of the data subjects are respected. Using cloud services and mobile applications can pose significant challenges and risks to privacy, such as data breaches, unauthorized access, data loss, data residency, third-party liability, etc. Therefore, the hospital should carefully evaluate the privacy requirements and implications of using cloud services and mobile applications, and adoptappropriate governance, policies, controls, and measures to safeguard PHI in the cloud environment.

A balanced scorecard is a tool that would best demonstrate the current state of strategic alignment, because it is a framework that translates the enterprise’s vision and strategy into a set of performance measures that cover four perspectives: financial, customer, internal business process, and learning and growth12. A balanced scorecard can help to assess how well the IT function is supporting the business objectives, and identify the gaps and opportunities for improvement. A balanced scorecard can also help to communicate and monitor the IT strategy and goals, and align the IT activities and resources with the business needs and expectations1 .

According to the CGEIT exam guide, data governance is the set of processes that ensure that important data assets are formally managed throughout the enterprise. Data governance ensures that data can be trusted and that people can be made accountable for any adverse event that happens because of low data quality. It is about putting people in charge of fixing and preventing issues with data so that the enterprise can become more efficient. Data governance also describes an evolutionary process for a company, altering the company’s way of thinking and setting up the processes to handle information so that it may be utilized by the entire organization. When moving infrastructure hosting to an external cloud provider, it is essential to include compliance with the enterprise’s data governance policy in the contract. This will ensure that the cloud provider follows the same standards and practices as the enterprise regarding data quality, security, privacy, availability, integrity and reliability. This will also help to mitigate the risk of data breaches, loss or misuse, and to protect the reputation and trust of the enterprise and its customers. References: CGEIT Exam Candidate Guide, page 16. CGEIT Certification, Building Cloud Governance From the Basics