ACTUAL Exam Questions and CORRECT Answers
Risk Mitigation - CORRECT ANSWER The management of risk through the use of
countermeasures and safeguards
[Ch4, p.252]
Framework - CORRECT ANSWER A generally accepted, business-process-oriented structure
that establishes a common language and enables repeatable business processes.
[Ch1, p.95]
Core components of Enterprise Governance - CORRECT ANSWER Corporate Governance
(conformance) and Business Governance (performance)
Enterprise Governance - CORRECT ANSWER A set of responsibilities and practices
exercised by the Board and exec mgmt with the goal of providing strategic direction, ensuring
that objectives are achieved, ascertaining that risks are managed appropriately and verifying that
the enterprise's resources are used responsibly.
Corporate Governance - CORRECT ANSWER AKA conformance. Covers issues such as
board structure, role and executive remuneration.
Retrospective
Business Governance - CORRECT ANSWER AKA performance. Focuses on strategy and
value creation, and on helping the board make strategic decisions, understand its appetite for risk
and its key drivers of performance, and identify its key points of decision making.
Difficult to administer standards and audit. IFAC recommends the use of a strategic scorecard.
Prospective
Techniques to Identify IT Strategy - CORRECT ANSWER Effective GEIT means initiatives
must be tied to organizational mission, vision, and strategy (this must also be effectively
communicated). Methods include SWOT Analysis and BCG's growth share matrix.
SWOT Analysis - CORRECT ANSWER Strengths, Weaknesses (both internal),
Opportunities, Threats (both external). Can be used to assess a particular project or initiative, or
the IT program as a whole.
BCG's Growth Share Matrix - CORRECT ANSWER Boston Consulting Group's growth
share matrix. Assesses market growth rate (low/high) against relative market share (low/high).
Enterprise Architecture - CORRECT ANSWER A representation of a conceptual framework
of components and their relationships at a point in time, from the top down.
Includes five layers: business unit architecture; information architecture; information systems
architecture; data architecture; and delivery system architecture.
Business Unit Architecture - CORRECT ANSWER The core business processes that support
the enterprise's missions. Components for the business unit Architecture generally focus on
external and internal reporting requirements and functional areas. The major component is a
high-level analysis of the work performed in support of the enterprise's mission, vision, and
goals. Business processes are composed of business activities, which determine the information
needed by the enterprise. Each process should incorporate a performance management structure in
accordance with the Plan-Do-Check-Act cycle.
Information Architecture - CORRECT ANSWER Analyzes the information used by the
enterprise in its business processes both in terms of type and movement within the org.
Information Systems Architecture - CORRECT ANSWER Identifies, defines, and organizes
the activities that capture, manipulate, and manage the business information to support mission
operations as well as the logical dependencies and relationships among business activities.
Data Architecture - CORRECT ANSWER Identifies how data are maintained, accessed, and
utilized. Can include data models that describe the nature of the data underlying the business and
information needs, such as physical database design, database and file structures, data
definitions, data dictionaries and data elements underlying the information systems of the
enterprise.
Delivery System Architecture - CORRECT ANSWER Describes and identifies the
information service layer, network service layer, and components, including network protocols
and nodes. Represents the wiring diagram of the physical IT infrastructure and facility support
requirements.
Organizational Structures as Enablers - CORRECT ANSWER Effective GEIT requires
governance of organizational structures to ensure that IT-related decisions occur in a transparent
environment and to enable effective contact and exchange between business and IT management.
(p. 25). Examples from COBIT 5 include the Strategy (IT Executive) Committee, The (Project
and Programme) Steering Committees, the Architecture Board, the Enterprise Risk Committee,
etc. Understanding key roles and structures enables construction of a RACI chart for Key
Management Principles. Weill and Ross propose that IT governance "is all about specifying the
decision rights and accountability framework to encourage desirable behavior in the use of
IT."
Methods of managing organizational, process, and cultural change - CORRECT
ANSWER Change enablement is one of the biggest challenges to GEIT implementation. It
should not be assumed that various stakeholders involved in or affected by new or revised
governance arrangements will readily accept and adopt the change. The possibility of ignorance
or resistance to change needs to be addressed through a structured and proactive approach. Also,
optimal awareness of the program should be achieved through a communications plan that
defines what will be communicated, in what way, and by whom throughout the various phases of
the program.
Governance of Enterprise IT (GEIT) - CORRECT ANSWER A governance view that ensures
that information and related technology support and enable the enterprise strategy and the
achievement of enterprise objectives; this also includes the functional governance of IT (i.e.
ensuring that IT capabilities are provided efficiently and effectively). [Ch1, p.25]
Components of good Enterprise Governance - CORRECT ANSWER 1) Transparency -
means that an enterprise allows for its processes and transactions to be observable to internal and
external stakeholders.
2) Accountability - is not just who is the one to blame when it all goes wrong; accountability is
more about having a sense of ownership. This provides an understanding of the weight of one's
responsibilities and motivation to do the 'right thing'.
3) Security - in today's environment of cybercrime and data compromise/loss from breaches, this
is not solely an IT concern. Appropriate security and risk mitigation strategies are a necessity to
protect the trade secrets, corporate data, and client information of an enterprise.
[Ch1, p.26]
Corporate governance roles that undertake assurance/accountability activities - CORRECT
ANSWER
- Chairperson/CEO
- Non-executive directors
- Audit committee
- Compensation (remuneration) committee
- Risk management
- Internal audit
[Ch1, p.27]
Business governance activities that support performance/value creation - CORRECT
ANSWER
- Strategic planning and alignment
- Strategic decision making
- Strategic risk management
- (Balanced) scorecards
- Strategic enterprise systems
- Continuous improvement
[Ch1, p.27]