IT Governance

Elements

IT-G Components

True or False

Governance vs. Management

IT-G Concepts

100

Established components of IT-G strengthen IT business processes

What is Root Cause

100

Practices and activities which support achievement of overall IT-related goals

What are Processes

100

The IT strategy is aligned with the organizational objectives

What is TRUE

100

Accountable to the public, stakeholders, employees

What is Governance

100

Because IT systems are complex, expensive, resource intensive, and done poorly can hurt the organization's mission

Why have IT Governance

200

Unreliable data,

weak oversight,

broken processes,

non-compliance with statute

What is Condition

200

Key decision-making individuals, committees, and formalized teams with adequate authority

What are Organizational Structures

200

The director of IT operations is responsible for IT-G

What is FALSE

(CEO, Business executive, the strategy committee, the CIO)

200

Evaluates the strategic options to address IT security risks

What is Governance

200

Assessing this factor is the responsibility of the senior executive team

What is Risk

300

Establish and implement a strategic plan, risk assessments, roles & responsibilities, policies & procedures, monitor the performance/outcomes

What are Recommendations

300

This component is a factor of good security governance. It starts at the top of the org.

What is Culture, Ethics and Behavior

300

The Project Management Office is accountable to direct IT systems governance

What is FALSE

(PMO should be Informed)

300

Monitors performance and compliance

What is Management

(oversight - management function)

300

IT investments and services are not coordinated across divisions or departments resulting in higher costs and duplication of services

What are SILOS

400

Lawsuits,

investigations,

fines,

and loss of public trust

What is Effect

400

IT applications to manage service requests

An online security awareness training platform

Online collaboration platforms

OneDrive, Teams, SharePoint, Word

What is Services, Infrastructure and Applications

400

Evaluating an IT system investment for risk is the responsibility of the business process owner

What is FALSE

(BP owner is one process within an IT business system - Business system executive is responsible)

400

Assess the organization's current technology maturity and develop a road map to close the gaps

What is Governance

400

On the RACI chart, this role provides input

What is Consulted

500

GAO, NIST, ASET, COBIT, IIA, CMMI

What is Criteria

500

Communication required for effective functioning of IT-G

What is Information Flows and Items

500

Leadership establishes the direction for IT across the organization

What is True

500

Ensure IT business continuity

What is Management

500

From the Capability Maturity Model,

Project performance may not be stable and may not meet specific objectives such as quality, cost, and schedule, but useful work can be done.

What is Level 1