A multinational logistics company has just completed Phase 2 ('Where are we now?') of the COBIT implementation lifecycle. The assessment revealed significant gaps in process capability, particularly in BAI03 (Managed Solutions Identification and Build). The program steering committee is pushing to immediately jump to Phase 5 ('How do we get there?') by purchasing a new ERP system. What is the MOST significant risk of this approach?
A governance design team is working through Step 3 ('Refine scope using design factors') of the design workflow. They have determined that the company's enterprise strategy is 'Growth/Acquisition'. How does this specific design factor value primarily influence the prioritization of governance and management objectives?
A rapidly scaling FinTech startup is designing its first formal governance system. The company operates in a highly regulated environment, has a high risk profile due to handling sensitive financial data, and follows a DevOps implementation method. Which of the following governance system components must be MOST carefully designed and integrated to ensure success? (Select TWO)
A university is implementing a new student information system. During Phase 6 ('Did we get there?') of the implementation lifecycle, the primary focus is on monitoring the achievement of the goals defined in the business case. Which COBIT process provides the most relevant guidance for this activity?
True or False: The COBIT 2019 Design Guide prescribes a single, mandatory target capability level for each prioritized governance objective, regardless of the enterprise's specific context or design factors.
A manufacturing company is designing a governance system. A key design factor is its threat landscape, which has recently shifted to include sophisticated industrial espionage targeting intellectual property stored in product design systems. How does this specific design factor value impact the required capability level of the 'Managed Security' (DSS05) process component?
A hospital group is implementing an Electronic Health Record (EHR) system. The board of directors is primarily concerned with patient data privacy and compliance with healthcare regulations like HIPAA. According to the COBIT Key Topics Decision Matrix (RACI chart), who is ULTIMATELY accountable for decisions regarding the I&T risk management policy?
During the design of a governance system for an e-commerce company, the team identifies that the primary enterprise goal is 'Customer-oriented service culture'. Which alignment goal from the COBIT goals cascade MOST directly supports this enterprise goal?
A financial services firm is in Phase 7 ('How do we keep the momentum going?') of its governance implementation program. The initial project focused on improving the DSS04 (Managed Continuity) process. What is the MOST effective activity to ensure the improvements are sustained and embedded in the organization?
A government agency is designing a governance system. Due to strict public accountability and data privacy laws, its compliance requirements are 'High'. At the same time, its technology adoption strategy is 'Slow/Follower' due to budget constraints. How would these two conflicting design factors MOST likely be resolved in the final governance system design?