Isaca Updated CGEIT Exam Questions and Answers by rome

The IT strategy is the document that defines how IT will be used to support and achieve the business objectives of the organization. It aligns the IT investments, resources, and activities with the business priorities and direction. When there is a change in the business objectives, such as a re-prioritization by management, the IT strategy should be updated accordingly to ensure that IT remains relevant and aligned with the new business goals. Updating the IT strategy should be done first before allocating resources to IT processes, because it provides the basis for determining which IT processes are most critical and valuable for the organization. The other options are not the best actions to perform first in this scenario. Performing a maturity assessment, implementing a RACI model, and refining the human resource management plan are all useful activities for improving the IT processes, but they are not directly related to the change in business objectives. They should be done after updating the IT strategy, based on the new strategic direction and priorities. References:

1: https://www.projectpractical.com/human-resource-management-plan-template-free-download/

2: https://open.lib.umn.edu/humanresourcemanagement/chapter/2-2-writing-the-hrm-plan/

3: https://www.isixsigma.com/getting-started/are-you-ready-how-conduct-maturity-assessment/

4: https://www.smartsheet.com/content/organizational-maturity

5: https://www.process.st/maturity-model/

 The business manager has the primary responsibility to define the requirements for IT service levels for the enterprise, as they are the ones who understand the business needs, objectives, and expectations from the IT services. The business manager should communicate these requirements to the IT service provider, who should then design, deliver, and monitor the IT services according to the agreed service levels. The help desk, the CIO, and the business continuity vendor are not primarily responsible for defining the IT service level requirements, although they may have roles in supporting, implementing, or ensuring them. References := CGEIT Review Manual, 27th Edition, Domain 1: Governance of Enterprise IT, page 20-21.

An IT steering committee is a group of senior executives and stakeholders who provide strategic direction, oversight, and guidance for IT initiatives and investments in an enterprise. An IT steering committee should be responsible for the implementation of an IT balanced scorecard, as it can ensure that the scorecard aligns with the enterprise’s vision, mission, goals, and strategies, and that it reflects the needs and expectations of the customers and other stakeholders. An IT steering committee can also monitor and evaluate the performance of the IT function based on the scorecard metrics, and provide feedback and recommendations for improvement. An IT steering committee can also facilitate communication and collaboration among the IT function and other business units, and promote a culture of accountability and transparency for IT performance. References: CGEIT Exam Content Outline | ISACA1, CGEIT Review Manual (Digital Version), How to implement the Balanced Scorecard: Best Practices & 10 Tips2, Who Should Manage Your Company’s Balanced Scorecard?3

This should be the IT steering committee’s primary concern, as moving to an external cloud service provider may introduce new or different risks to the enterprise, such as data security,privacy, compliance, availability, performance, vendor lock-in, and service level agreements12. The IT steering committee should update the business risk profile to reflect the current and potential risks associated with the cloud service provider, and to ensure that they are aligned with the enterprise’s risk appetite and tolerance12. The IT steering committee should also monitor and manage the risks throughout the cloud service lifecycle, and implement appropriate controls and mitigation strategies to protect the enterprise’s assets and interests12. The other options are not as important as updating the business risk profile, as they are not directly related to the strategic decision to reduce operating costs for the next year. Calculating the cost of the current solution, changing the IT steering committee charter, and revising the business’s balanced scorecard are possible actions that may be taken after updating the business risk profile, based on the identified risks and their levels3.