Exam CISA topic 1 question 59 discussion

IT value can be achived when there is alignment btween IT and Business objectives From IT Governance point of view so I think A is correct

A. IT value analysis has not been completed.

Without an IT value analysis, you won't know how your IT investments are contributing to your business, which could affect strategic decision-making. Without a clear value of IT, it could lead to inappropriate resource allocation and risk management. On the other hand, B. A situation where all IT services are provided by third parties may not be a problem if there is proper management and monitoring, but it is a more concerning point because the lack of an IT value analysis is likely to have serious implications for the entire organization.

Among the options provided, the greatest concern from an IT governance perspective is that the IT budget is not monitored. Effective financial oversight is a critical component of IT governance. Without monitoring the IT budget, an organization cannot ensure that IT expenditures are controlled, optimized, and aligned with business objectives. This lack of financial oversight can lead to cost overruns, misallocation of resources, and missed opportunities for cost savings or investment in more strategic initiatives. It also increases the risk of fraud and inefficient use of IT resources.

D. IT budgets are not monitored: This can lead to wastage of resources and can have a significant impact on the financial health of the organization. Without proper monitoring, budget overruns can result and may impact funding for other projects. Therefore, this option is probably the most worthy of attention. However, this also depends on the specific circumstances and priorities of the organization. When making a decision, all relevant factors should be considered.

Answer: B

All IT services are provided by 3rd party

The goal of IT governance is to increase corporate value through IT. Therefore, it is important to analyze its contribution.

The finding that all IT services are provided by third parties should be of the greatest concern in an IT governance review. This raises significant issues related to dependency on external vendors, potential lack of control over critical IT functions, and increased risks associated with outsourcing.

This is related to Enterprise Governance of IT (EGIT) EGIT is concerned with two issues: (1) that IT delivers value to the business and (2) that IT risk is managed. The first is driven by strategic alignment of IT with the business. The second is driven by embedding accountability into the enterprise.

A. IT value analysis has not been completed.

I think it's D.

B. All IT services are provided by third parties. The finding that should be of the greatest concern from an IT governance review is that all IT services are provided by third parties (Option B). While outsourcing IT services is common, complete dependence on third parties can raise significant concerns related to data security, control, reliability, and potential vendor lock-in. Organizations should ensure a healthy balance between in-house and outsourced IT services to maintain control, manage risks, and ensure the availability and quality of critical IT functions.

B should be the right answer.