CGEIT EXAM QUESTIONS AND
ANSWERS 100% PASS
Risk Mitigation - ANS The management of risk through the use of countermeasures and
safeguards
[Ch4, p.252]
Framework - ANS A generally accepted, business-process-oriented structure that establishes
a common language and enables repeatably business processes.
[Ch1, p.95]
Core components of Enterprise Governance - ANS Corporate Governance (conformance) and
Business Governance (performance)
Enterprise Governance - ANS A set of responsibilities and practices exercised by the Board
and exec mgmt with the goal of providing strategic direction, ensuring that objectives are
acheived, ascertaining that risks are managed appropriately and verifying that the enterprise's
resources are used responsibly.
Corporate Governance - ANS AKA conformance. Covers issues such as board structure, role
and executive remuneration.
Retrospective
, ©THESTAR 2025 ALL RIGHTS RESERVED
Business Governance - ANS AKA performance. Focuses on strategy and value creation, and
on helping the board made strategic decisions, understand its appetite for risk and its key
drivers of performance, and identify its key points of decision making.
Difficult to administer standards and audit. IFAC recommends the use of a strategic scorecard.
Prospective
Techniques to Identify IT Strategy - ANS Effective GEIT means initiatives must be tied to
organizational mission, vision, and strategy. (This must also be effectively communicated.).
Methods include SWOT Analysis and BCG's growth share matrix.
SWOT Analysis - ANS Strengths, Weaknesses (both internal), Opportunities, Threats (both
external). Can be used to assess a particular project or initiative, or the IT program as a whole.
BCG's Growth Share Matrix - ANS Boston Consulting Group's growth share matrix. Assesses
market growth rate (low high) against relative market share (low high).
Enterprise Architecture - ANS A representation of a conceptual framework of components
and their relationships at a point in time, from the top down.
Includes five layers: business unit architecture; information architecture; information systems
architecture; data architecture; and delivery system architecture.
Business Unit Architecture - ANS The core business processes that support the enterprise's
missions. Components for the business unit Architecture generally focus on external and
internal reporting requirements and functional areas. The major component is a high-level
analysis of the work performed in support of the enterprise's mission, vision, and goals.
Business processes are comprised by business activities, which determine the information
needed by the enterprise. Each process should incorporate performance management
structure in accordance with Plan-Do-Check-Act cycle.
, ©THESTAR 2025 ALL RIGHTS RESERVED
Information Architecture - ANS Analyzes the information used by the enterprise in its
business processes both in terms of type and movement within the org.
Information Systems Architecture - ANS Identifies, defines, and organizes the activities that
capture, manipulate, and manage the business information to support mission operations as
well as the logical dependencies and relationships among business activities.
Data Architecture - ANS Identifies how data are maintained, accessed, and utilized. Can
include data models that describe the nature of the data underlying the business and
information needs, such as physical database design, database and file structures, data
definitions, data dictionaries and data elements underlying the information systems of the
enterprise.
Delivery System Architecture - ANS describes and identifies the information service layer,
network service layer, and components, including networks protocols and nodes. Represents
the wiring diagram of the physical IT infrastructure and facility support requirements.
Organizational Structures as Enablers - ANS Effective GEIT requires governance of
organizational structures to ensure that IT-related decisions occur in a transparent environment
and to enable effective contact and exchange between business and IT management. (p. 25).
Examples from COBIT 5 include the Strategy (IT Executive) Committee, The (Project and
Programme) Steering Committees, the Architecture Board, the Enterprise Risk Commitee, etc.
Understanding key roles and structures enables construction of a RACI chart for Key
Management Principles. Weill and Ross propose that IT governance "is all about specifying the
decision rights and accountability framework to encourage desirable behavior in the use of the
IT."
Methods of managing organizational, process, and cultural change - ANS Change enablement
is one of the biggest challenges to GEIT implementation. It should not be assumed that various
stakeholders involved in or affected by new or revised governance arrangements will readily
accept and adopt the change. The possibility of ignorance or resistance to change needs to be
addressed though a structured and proactive approach. Also, optimal awareness of the
, ©THESTAR 2025 ALL RIGHTS RESERVED
program should be achieved through a communications plan that defines what will be
communicated, what way, and by whom throughout the various phases of the program.
Governance of Enterprise IT (GEIT) - ANS A governance view that ensures that information
and related technology support and enable the enterprise strategy and the achievement of
enterprise objectives; this also includes the functional governance of IT (i.e. ensuring that IT
capabilities are provided efficiently and effectively). [Ch1, p.25]
Components of good Enterprise Governance - ANS 1) Transparency - means that an
enterprise allows for its processes and transactions to be observable to internal and external
stakeholders.
2) Accountability - is not just who is the one to blame when it all goes wrong; accountability is
more about having a sense of ownership. This provides an understanding of the weight of one's
responsibilities and motivation to do the 'right thing'.
3) Security - in today's environment of cybercrime and data compromise/loss from breaches,
this is not solely an IT concern. Appropriate security and risk mitigation strategies are a
necessity to protect the trade secrets, corporate data, and client information of an enterprise.
[Ch1, p.26]
Corporate governance roles that undertake assurance/accountability activities - ANS -
Chairperson/CEO
-Non-executive directors
- Audit committee
- Compensation (remuneration) committee
- Risk management
- Internal audit
[Ch1, p.27]
Business governance activities that support performance/value creation - ANS - Strategic
planning and alignment
- Strategic decision making