Most Recent Isaca CGEIT Exam Dumps

The best long-term solution to address the concern regarding loss of experienced staff is to implement knowledge management practices, because knowledge management is the process of creating, sharing, using, and managing the knowledge and information of an organization1. Knowledge management practices can help capture, document, and transfer the valuable knowledge and expertise of the experienced staff before they leave the organization, as well as facilitate the learning and development of the new or existing staff.Knowledge management practices can also enhance the organizational performance, innovation, and competitiveness by leveraging the intellectual capital and creating a culture of knowledge sharing2.According to a study by3, the impact of knowledge management practices on employee retention is significant and positive in both IT and banking industries.Another study by4found that knowledge management practices can improve job satisfaction and employee retention by fostering a supportive work environment, providing growth opportunities, and rewarding knowledge contributions. Therefore, implementing knowledge management practices can help mitigate the risk of losing experienced staff and their knowledge in the long run.

The other options are not the best long-term solutions, because they are either short-term or partial solutions. Establishing a mentoring program for IT staff can help transfer some of the knowledge and skills of the experienced staff to the mentees, but it may not be sufficient or systematic enough to capture and preserve all the relevant knowledge. Determining key risk indicators (KRIs) can help monitor and measure the risk exposure of losing experienced staff, but it does not address the root cause or provide a solution for the problem. Retaining key staff as consultants can help retain some of the expertise and experience of the staff, but it may not be feasible or cost-effective in the long term, and it may also create dependency and vulnerability issues for the organization.

Information security must approve the criteria for technology-enabled services to ensure that all security-related considerations, including compliance, risk mitigation, and data protection, are addressed. This step aligns the service design with the enterprise's security policies and regulatory requirements before it progresses to stakeholders. Other functions such as QA and PMO contribute to execution and oversight, but the responsibility for security approvals rests with information security. Reference: COBIT 2019, ISACA Security Guidance.

The PRIMARY purpose of information governance is to set direction for information management capabilities through prioritization and decision making. Information governance is the overall strategy for information at an organization.It balances the risk that information presents with the value that information provides1.Information governance helps with legal compliance, operational transparency, and reducing expenditures associated with legal discovery1. To achieve this, information governance requires setting direction for information management capabilities through prioritization and decision making.This involves defining and implementing policies and processes for the effective and efficient acquisition, storage, distribution, usage, and disposal of information in alignment with business objectives and regulatory requirements2.It also involves ensuring the protection of information quality, integrity, availability, confidentiality, and ownership2. By setting direction for information management capabilities through prioritization and decision making, information governance can help to optimize the value and minimize the risk of information assets.Reference:=

Information governance - Wikipedia1

What is Information Governance?Why is it Important?3

Total cost of ownership (TCO) is the purchase price of an asset plus the costs of operation over its lifespan1.TCO includes hardware and software acquisition, management and support, communications, end-user expenses and the opportunity cost of downtime, training and other productivity losses2.By considering TCO in investment decisions, an enterprise can avoid unexpected costs and optimize the value of its IT assets3. A policy to consider TCO in investment decisions can help the enterprise to plan ahead for the lease or purchase of ITinfrastructure and software licenses, and avoid cost overruns due to lease extensions or other factors.Reference:=

CGEIT Review Manual (Digital Version), Chapter 4: Value Optimization, Section 4.2: IT Value Delivery, Subsection 4.2.3: IT Resource Management, Page 123

CGEIT Review Manual (Print Version), Chapter 4: Value Optimization, Section 4.2: IT Value Delivery, Subsection 4.2.3: IT Resource Management, Page 123

How to Calculate Total Cost of Ownership for Software - GetApp4

Total Cost of Ownership: How It's Calculated With Example - Investopedia1

The CIO is the chief information officer of an enterprise, who oversees and optimizes the use of information technology (IT) to achieve the business objectives and strategy. One of the primary responsibilities of the CIO is to ensure that IT architecture requirements are considered when an enterprise plans to replace its enterprise resource applications (ERAs). ERAs are integrated software systems that support various business functions, such as finance, accounting, human resources, supply chain, etc. IT architecture requirements are the specifications and standards that define how the IT systems and platforms should be designed, developed, deployed, and maintained to support the ERAs and their users. IT architecture requirements include aspects such as performance, scalability, security, reliability, interoperability, usability, etc. The CIO should ensure that IT architecture requirements are considered when an enterprise plans to replace its ERAs, because they can affect the quality, efficiency, and effectiveness of the ERAs and their alignment with the business needs and goals. The CIO should also ensure that the IT architecture requirements are consistent with the enterprise's IT strategy and vision, and that they comply with the relevant policies, regulations, and best practices.

Topic 3, Exam pool C