1.
The MAJOR consideration for an IS auditor when reviewing an organization's IT project portfolio is:
Correct Answer
C. Business plan.
Explanation
When reviewing an organization's IT project portfolio, the major consideration for an IS auditor is the business plan. The business plan outlines the organization's goals, objectives, and strategies, including how IT projects align with these. By reviewing the business plan, the IS auditor can ensure that the IT projects are in line with the organization's overall business objectives and priorities. This helps to ensure that the IT projects are adding value and contributing to the organization's success.
2.
Which of the following is the MOST important element for the successful implementation of IT governance?
Correct Answer
B. Identifying organisational strategies.
Explanation
Identifying organizational strategies is the most important element for the successful implementation of IT governance because it helps align IT initiatives with the overall goals and objectives of the organization. By understanding the organization's strategies, IT governance can ensure that IT investments and projects are in line with the organization's priorities and contribute to its success. This also enables effective resource allocation, risk management, and decision-making in IT governance. Implementing an IT scorecard, performing a risk assessment, and creating a formal security policy are important components of IT governance but are contingent upon understanding and aligning with organizational strategies.
3.
Effective IT governance requires organizational structures and processes to ensure that:
Correct Answer
D. The IT strategy extends the organization's strategies and objectives.
Explanation
Effective IT governance requires organizational structures and processes to ensure that the IT strategy aligns with and supports the organization's strategies and objectives. This means that the IT strategy should be developed in a way that extends and enhances the organization's overall goals and objectives. By doing so, IT governance can effectively contribute to the success of the organization by ensuring that IT investments and initiatives are in line with the broader organizational strategy.
4.
Which of the following IT governance practices best improves strategic alignment?
Correct Answer
C. Top management mediation between the imperatives of business and technology.
Explanation
Top management mediation between the imperatives of business and technology best improves strategic alignment because it involves the top-level executives actively bridging the gap between the business goals and the technology capabilities. This practice ensures that the IT decisions align with the overall business strategy, enabling effective decision-making and resource allocation. It helps in prioritizing technology initiatives that directly contribute to achieving the strategic objectives of the organization.
5.
As an outcome of information security governance, strategic alignment provides:
Correct Answer
A. Security requirements are driven by enterprise requirements.
Explanation
Strategic alignment in information security governance ensures that security requirements are aligned with the overall goals and objectives of the enterprise. This means that security measures and solutions are driven by the specific needs and requirements of the organization. By aligning security with enterprise requirements, organizations can effectively prioritize their security efforts and investments, ensuring that resources are allocated in a way that best protects the organization's assets and supports its strategic objectives. This approach helps to ensure that security measures are not implemented in isolation but are integrated into the broader business strategy.
6.
IT governance is PRIMARILY the responsibility of the:
Correct Answer
B. Board of directors.
Explanation
The board of directors is primarily responsible for IT governance because they have the ultimate authority and accountability for the organization's overall direction and performance. They play a crucial role in setting the strategic direction for IT, ensuring alignment with business objectives, and making key decisions regarding IT investments, risk management, and compliance. The board's oversight helps ensure that IT resources are effectively utilized, IT risks are managed, and IT projects are aligned with the organization's goals. This responsibility cannot be delegated solely to the CEO, IT steering committee, or audit committee, although they may play supporting roles in the governance process.
7.
Establishing the level of acceptable risk is the responsibility of:
Correct Answer
A. Senior business management.
Explanation
Establishing the level of acceptable risk is the responsibility of senior business management. As the top decision-makers in an organization, senior business management is responsible for setting the overall direction and goals of the company, including managing risks. They have the authority and knowledge to assess the potential risks and determine what level of risk is acceptable for the organization. The chief security officer and chief information officer may provide input and expertise, but the final responsibility lies with senior business management. Quality assurance management is focused on ensuring the quality of products or services and may not have the authority or expertise to establish acceptable risk levels.
8.
Effective IT governance will ensure that an IT plan is consistent with the organization's:
Correct Answer
B. Business plan.
Explanation
Effective IT governance ensures that the IT plan aligns with the organization's business plan. This means that the IT strategy and initiatives are designed to support and contribute to the organization's overall goals and objectives. By aligning IT with the business plan, organizations can maximize the value and impact of their IT investments, improve operational efficiency, and enhance decision-making processes. This alignment also helps in prioritizing IT projects, allocating resources effectively, and ensuring that IT initiatives are in line with the organization's strategic direction.
9.
Involvement of senior management is MOST important in the development of:
Correct Answer
D. Strategic plans.
Explanation
Involvement of senior management is most important in the development of strategic plans because they have the authority and expertise to make critical decisions that align with the organization's overall goals and objectives. Senior management's involvement ensures that the strategic plans are well thought out, comprehensive, and have the necessary resources and support from the top to be successfully implemented. Their input and guidance also help in setting the direction and priorities for the organization, ensuring that it remains competitive and adaptable to changing market conditions.
10.
An IS steering committee should:
Correct Answer
C. Have formal terms of reference and maintain minutes of its meetings.
Explanation
The steering committee for IS should have formal terms of reference and maintain minutes of its meetings to ensure effective governance and accountability. Formal terms of reference provide a clear understanding of the committee's objectives, responsibilities, and decision-making authority. Maintaining minutes of meetings allows for documentation of discussions, decisions, and actions taken, providing a historical record and ensuring transparency. This practice helps in tracking progress, identifying any issues or concerns, and ensuring that the committee operates efficiently and effectively.