CGEIT Cert Exam - Answers CGEIT Free


BTW, DOWNLOAD part of DumpsTests CGEIT dumps from Cloud Storage: https://drive.google.com/open?id=1xCHebCvMMyv5Fw4uHRoQPBFl0MPP2kCz

Our company DumpsTests abides by the industry norm all the time. We draw on the help of professional experts who are conversant with the regular exam questions of our latest CGEIT real dumps. They can satisfy your knowledge-thirsty minds. And our CGEIT Exam Quiz is quality guaranteed. By devoting ourselves to providing high-quality CGEIT practice materials to our customers all these years, we can guarantee that all content is essential to practice and remember.

The Certified in the Governance of Enterprise IT (CGEIT) certification exam consists of 150 multiple-choice questions and is four hours long. The CGEIT exam is computer-based and is available at various testing centers around the world. The passing score for the exam is 450 out of a possible 800 points.

ISACA Governance of Enterprise IT Exam Syllabus Topics:

Topic | Details | Weights
Strategic Management

- Ensure that IT enables and supports the achievement of enterprise objectives through the integration and alignment of IT strategic plans with enterprise strategic plans.

Task Statements

  1. Evaluate, direct and monitor IT strategic planning processes to ensure alignment with enterprise goals.
  2. Ensure that appropriate policies and procedures are in place to support IT and enterprise strategic alignment.
  3. Ensure that the IT strategic planning processes and related outputs are adequately documented and communicated.
  4. Ensure that enterprise architecture (EA) is integrated into the IT strategic planning process.
  5. Ensure prioritization of IT initiatives to achieve enterprise objectives.
  6. Ensure that IT objectives cascade into clear roles, responsibilities and actions of IT personnel.

Knowledge Statements

  1. Knowledge of an enterprise’s strategic plan and how it relates to IT.
  2. Knowledge of strategic planning processes and techniques.
  3. Knowledge of impact of changes in business strategy on IT strategy.
  4. Knowledge of barriers to the achievement of strategic alignment.
  5. Knowledge of policies and procedures necessary to support IT and business strategic alignment.
  6. Knowledge of methods to document and communicate IT strategic planning processes (for example, IT dashboard/balanced scorecard, key indicators).
  7. Knowledge of components, principles and frameworks of enterprise architecture (EA).
  8. Knowledge of current and future technologies.
  9. Knowledge of prioritization processes related to IT initiatives.
  10. Knowledge of scope, objectives and benefits of IT investment programs.
  11. Knowledge of IT roles and responsibilities and methods to cascade business and IT objectives to IT personnel.

Weight: 20%

Framework for the Governance of Enterprise IT

- Ensure the definition, establishment, and management of a framework for the governance of enterprise IT in alignment with the mission, vision and values of the enterprise.

Task Statements

  1. Ensure that a framework for the governance of enterprise IT is established and enables the achievement of enterprise goals and objectives to create stakeholder value, taking into account benefits realization, risk optimization, and resource optimization.
  2. Identify the requirements and objectives for the framework for the governance of enterprise IT incorporating input from enablers such as principles, policies and frameworks; processes; organizational structures; culture, ethics and behavior; information; services, infrastructure and applications; people, skills and competencies.
  3. Ensure that the framework for the governance of enterprise IT addresses applicable internal and external requirements (for example, principles, policies and standards, laws, regulations, service capabilities and contracts).
  4. Ensure that strategic planning processes are incorporated into the framework for the governance of enterprise IT.
  5. Ensure the incorporation of enterprise architecture (EA) into the framework for the governance of enterprise IT in order to optimize IT-enabled business solutions.
  6. Ensure that the framework for the governance of enterprise IT incorporates comprehensive and repeatable processes and activities.
  7. Ensure that the roles, responsibilities and accountabilities for information systems and IT processes are established.
  8. Ensure issues related to the framework for the governance of enterprise IT are reviewed, monitored, reported and remediated.
  9. Ensure that organizational structures are in place to enable effective planning and implementation of IT-enabled business investments.
  10. Ensure the establishment of a communication channel to reinforce the value of the governance of enterprise IT and transparency of IT costs, benefits and risk throughout the enterprise.
  11. Ensure that the framework for the governance of enterprise IT is periodically assessed, including the identification of improvement opportunities.

Knowledge Statements

  1. Knowledge of components of a framework for the governance of enterprise IT.
  2. Knowledge of IT governance industry practices, standards and frameworks (for example, COBIT, Information Technology Infrastructure Library [ITIL], International Organization for Standardization [ISO] 20000, ISO 38500).
  3. Knowledge of business drivers related to IT governance (for example, legal, regulatory and contractual requirements).
  4. Knowledge of IT governance enablers (for example, principles, policies and frameworks; processes; organizational structures; culture, ethics and behavior; information; services, infrastructure and applications; people, skills and competencies).
  5. Knowledge of techniques used to identify IT strategy (for example, SWOT, BCG Matrix).
  6. Knowledge of components, principles, and concepts related to enterprise architecture (EA).
  7. Knowledge of organizational structures and their roles and responsibilities (for example, enterprise investment committee, program management office, IT strategy committee, IT architecture review board, IT risk management committee).
  8. Knowledge of methods to manage organizational, process and cultural change.
  9. Knowledge of models and methods to establish accountability for information requirements, data and system ownership; and IT processes.
  10. Knowledge of IT governance monitoring processes/mechanisms (for example, balanced scorecard [BSC]).
  11. Knowledge of IT governance reporting processes/mechanisms.
  12. Knowledge of communication and promotion techniques.
  13. Knowledge of assurance methodologies and techniques.
  14. Knowledge of continuous improvement techniques and processes.

Weight: 25%

Risk Optimization

- Ensure that an IT risk management framework exists to identify, analyze, mitigate, manage, monitor, and communicate IT-related business risk, and that the framework for IT risk management is in alignment with the enterprise risk management (ERM) framework.

Task Statements

  1. Ensure that comprehensive IT risk management processes are established to identify, analyze, mitigate, manage, monitor, and communicate IT risk.
  2. Ensure that legal and regulatory compliance requirements are addressed through IT risk management.
  3. Ensure that IT risk management is aligned with the enterprise risk management (ERM) framework.
  4. Ensure appropriate senior level management sponsorship for IT risk management.
  5. Ensure that IT risk management policies, procedures and standards are developed and communicated.
  6. Ensure the identification of key risk indicators (KRIs).
  7. Ensure timely reporting and proper escalation of risk events and responses to appropriate levels of management.

Knowledge Statements

  1. Knowledge of the application of risk management at the strategic, portfolio, program, project and operations levels.
  2. Knowledge of risk management frameworks and standards (for example, RISK IT, the Committee of Sponsoring Organizations of the Treadway Commission Enterprise Risk Management—Integrated Framework (2004) [COSO ERM], International Organization for Standardization (ISO) 31000).
  3. Knowledge of the relationship of the risk management approach to legal and regulatory compliance.
  4. Knowledge of methods to align IT and enterprise risk management (ERM).
  5. Knowledge of the relationship of the risk management approach to business resiliency (for example, business continuity planning [BCP] and disaster recovery planning [DRP]).
  6. Knowledge of risk, threats, vulnerabilities and opportunities inherent in the use of IT.
  7. Knowledge of types of business risk, exposures and threats (for example, external environment, internal fraud, information security) that can be addressed using IT resources.
  8. Knowledge of risk appetite and risk tolerance.
  9. Knowledge of quantitative and qualitative risk assessment methods.
  10. Knowledge of risk mitigation strategies related to IT in the enterprise.
  11. Knowledge of methods to monitor effectiveness of mitigation strategies and/or controls.
  12. Knowledge of stakeholder analysis and communication techniques.
  13. Knowledge of methods to establish key risk indicators (KRIs).
  14. Knowledge of methods to manage and report the status of identified risk.

Weight: 24%


Answers CGEIT Free - CGEIT Testking Learning Materials

You no longer have to buy information from each institution for a CGEIT exam, nor do you need to spend time comparing which institution's data is better. CGEIT provides you with the most comprehensive learning materials. Our company employs the most qualified experts who hold a variety of information. At the same time, they use years of experience to create the most scientific CGEIT Learning Engine.

ISACA Certified in the Governance of Enterprise IT Exam Sample Questions (Q192-Q197):

NEW QUESTION # 192
An internal audit revealed a widespread perception that the enterprise's IT governance reporting lacks transparency. Which of the following should the CIO do FIRST?

Answer: C


NEW QUESTION # 193
Which of the following resource categories includes costs, productivity, availability, and change and configuration management?

Answer: D


NEW QUESTION # 194
A new and expanding enterprise has recently received a report indicating 90% of its data has been collected in just the last six months, triggering data breach and privacy concerns. What should be the IT steering committee's FIRST course of action to ensure new data is managed effectively?

Answer: C

Explanation:
An information governance framework is the structure that provides a holistic overview of the influences that inform how an organisation creates and manages its enterprise-wide information assets (records, information and data). It defines the roles, responsibilities, policies, standards, and processes for ensuring effective and secure information management. If a new and expanding enterprise has collected a large amount of data in a short period of time, it may face data breach and privacy risks if it does not have a robust and comprehensive information governance framework in place. Therefore, the IT steering committee's first course of action should be to assess the current state of the information governance framework, identify any gaps or weaknesses, and implement improvements or changes as needed. This will help the enterprise to protect and preserve its information assets, comply with legal and regulatory requirements, and enable ethical and efficient use of information. Mitigating and tracking data-related issues and risks, modifying legal and regulatory data requirements, and defining data protection and privacy practices are important actions, but they are not the first course of action. They are more likely to be part of the implementation or improvement of the information governance framework after it has been assessed.
Reference: Establishing an information governance framework


NEW QUESTION # 195
Which of the following is the MOST effective way for a CIO to govern business unit deployment of shadow IT applications in a cloud environment?

Answer: B

Explanation:
The most effective way for a CIO to govern business unit deployment of shadow IT applications in a cloud environment is to educate the executive team about the risk associated with shadow IT applications. This is because shadow IT applications are often deployed without the knowledge or approval of the central IT organization, and may pose security, compliance, and performance risks to the enterprise. By raising awareness of these risks among the executive team, the CIO can foster a culture of IT governance and alignment, and encourage the business units to follow the established application implementation process.
References: CGEIT Certification | Certified in Governance of Enterprise IT | ISACA; IT Governance: Definitions, Frameworks and Planning - ProjectManager


NEW QUESTION # 196
The IT department has determined that problems with a business report are due to quality issues within a set of data. To whom should IT refer the matter for resolution?

Answer: A


NEW QUESTION # 197
......

You may have gone through a lot of exams. Now if you go to the exam again, will you feel anxious? CGEIT study guide can help you solve this problem. When you are sure that you really need to obtain an internationally certified CGEIT certificate, please select our CGEIT exam questions. You must also realize that you really need to improve your strength. Our company has been developing in this field for many years.

Answers CGEIT Free: https://www.dumpstests.com/CGEIT-latest-test-dumps.html
