| 1. An improvement project failed to create the expected value because the team did not spend enough time thinking about how successful the solution would be. What would have helped to prevent this failure? |
| A. Kanban B. Risk management C. Measurement and reporting D. Cascading objectives |
| B (3.1) |
| 2. Which statement BEST describes the role of IT staff in risk management? |
| A. IT risk management is a specialized skill and should be performed only by specially trained staff B. When IT services fail because of unidentified risk, responsible staff must be held accountable C. IT staff objectively identify potential risks in their own work D. IT staff are responsible for contributing to the effective management of risks |
| D (3.1) |
| 3. A management consultant has been hired to help a multinational organization improve corporate governance, risk management, and compliance. Who would the consultant PRIMARILY work with to understand the current state of governance? |
| A. The board of directors B. The largest shareholders C. The internal audit committee D. The service management office |
| A (3.2) |
| 4. Which BEST describes the primary role of a governing body? |
| A. To establish and regularly review the goals cascade throughout the organization B. To develop and regularly review IT measurements and metrics C. To annually review and approve IT projects to maximize business value D. To establish and regularly review the effectiveness of risk management and internal controls |
| D (3.2) |
| 5. The CIO of a large multinational organization has received complaints that work is slowing down as staff are often overwhelmed when trying to comply with controls. This is creating unintended and undesirable effects in other parts of the organization. In response, the CIO has asked their management team to ensure that existing controls are sufficient, but not excessive. What should the management team NOT do when identifying excessive controls? |
| A. Work across multiple stakeholder groups to identify what data is useful for the organization B. Increase the amount of data measured and reported on because the data might be needed in the future C. Determine if staff are using placeholder data to complete mandatory fields so they can continue to work if the required data is not available D. Review external drivers, particularly legal obligations that impact the way the organization works |
| B (3.3) |
| 6. An organization works in a highly regulated industry. A new regulation has been introduced that requires additional information to be recorded about users each time the service desk logs an incident in the service logging tool. They want to put controls in place to ensure that the regulation is followed. Which is the BEST approach? |
| A. Update the logging tool to ensure that the minimum data required by the regulation is always recorded and report on any deviations B. Ensure that the service desk staff are aware of the new regulation and continue to use existing reports of service desk activity C. Update the logging tool to ensure that all fields must be completed for every incident record and produce daily reports of all service desk activity D. Ensure that the service desk staff are aware of the new regulation and let them decide whatdata to record and produce reports when requested |
| A (3.3) |