Certified in the Governance of Enterprise IT (CGEIT) Quiz Questions and Answers

During an audit, the IS auditor notes the application developer also performs quality assurance testing on another application. Which of the following is the MOST important course of action for the auditor?

Answer :
  • Report the identified condition.

Explanation :

The software quality assurance role should be independent and separate from development and development activities. The same person should not hold both roles because this would cause a segregation of duties concern. The IS auditor should report this condition when identified.

In reviewing the IT short-range (tactical) plan, an IS auditor should determine whether:

Answer :
  • there is an integration of IT and business personnel within projects.

Explanation :

The integration of IT and business personnel in projects is an operational issue and should be considered while reviewing the short-range plan. A strategic plan provides a framework for the IT short-range plan.

Which of the following BEST determines that sufficient resources exist to meet strategic objectives?

Answer :
  • Gap analysis

Explanation :

Gap analysis identifies the gaps between the desired requirements and the current state, and so best determines the shortfall of resources.

Which of the following is the BEST indicator of the alignment of IT and enterprise strategic initiatives?

Answer :
  • The percentage of IT projects meeting stakeholder expectations

Performance measures are MOST meaningful when the measures:

Answer :
  • Are tied to business objectives

IT governance initiatives should be PRIMARILY prioritized based on the:

Answer :
  • Impact on the organization

IT risk associated with the outsourcing of IT services is BEST managed through the:

Answer :
  • Inclusion of controls and service level agreements (SLAs) into contracts

Which of the following is the MOST common area of risk among enterprises?

Answer :
  • Operational risk

What should be PRIMARILY analyzed before defining a risk management strategy?

Answer :
  • The organizational culture and risk appetite

Who of the following is ULTIMATELY responsible for monitoring the risk management process?

Answer :
  • Chief executive officer (CEO)