Business Objectives
Hemang Doshi
CISA, ACA, DISA, FIII
Details about this E-Book:
The objective of this e-book is to ensure that CISA candidates gain adequate knowledge of IT and
business process alignment and its applicability in practical scenarios. The Questions, Answers
and Explanations (QAE) on this concept are designed in accordance with the CISA exam
pattern. This small e-book will help CISA candidates attempt questions on IT and business
process alignment more confidently and correctly.
(1) In any given scenario, IT processes should be aligned with business requirements.
Close alignment is evident when there is a clear mapping, linking or cascading of IT
strategy to business strategy, ensuring that IT supports business objectives.
(2) In any given scenario, business processes and objectives should always be the driver for IT
requirements. When formulating the IT strategy, the prime consideration should be
business objectives.
(3) In any given scenario, the very first step in reviewing an organization's IT strategic plan
is to review and understand the business plan.
(5) To govern IT effectively, IT and business should be moving in the same direction,
requiring that the IT plans be aligned with an organization's business plans.
(6) In any given scenario, IT alignment with business objectives can best be assured by the
involvement of top management. Top management, who are very well aware of business
objectives, can derive maximum benefit from information systems by way of structure
alignment.
The QAE below are solely on the concept of IT alignment with business objectives. They
resemble the type and nature of questions that are actually asked in CISA exams. Candidates
are advised to attempt the questions below multiple times. More emphasis should be given to the
explanations for better understanding.
Explanation:
(1) The IT steering committee must determine that IT processes are designed as per business
requirements and whether IS processes support the business requirements. The role of
an IT steering committee is to ensure that the IS objectives are in line with business
objectives.
(2) In no case should business processes be defined as per IT requirements.
(3) The capacity of existing software and installed technology are important considerations.
However, the prime objective should be to assess the alignment of IT processes with business
requirements.
Explanation:
(1) The very first step in reviewing an organization's IT strategic plan is to
review and understand the business plan. Without understanding the context in which the
business operates and its expansion plan, a review of the strategic plan may not be that
effective. To evaluate the IT strategic plan, the IS auditor would first need to familiarize
him/herself with the business plan.
(2) Alignment of IT processes with the business is an important consideration. However, one
first needs to understand the business.
(3) The impact and capacity of technology depend on the nature of the business and the business plan.
Hence understanding the business plan should be the first step.
The correct answer is: A. enterprise requirements are the basis for security requirements.
Explanation:
(1) To be effective, information security should be in line with enterprise requirements.
Hence enterprise requirements should form the basis of security requirements. Other
options are not relevant.
(2) Security requirements should not form the basis for enterprise requirements. It should
be the other way round.
(3) Current technology and benchmarking are important considerations, though the prime
consideration should be alignment of security requirements with enterprise
objectives.
A. business plan.
B. information security plan.
C. business continuity plan.
D. risk management plan.
Explanation:
To govern IT effectively, IT and business should be moving in the same direction, requiring
that the IT plans are aligned with an organization's business plans. Information security,
business continuity and risk management should be considered while developing the IT plan,
but all of this will add value only if the IT plan is in line with the business plan.
(5) The best way to determine whether IS functions support the organization's business
objectives is to ensure that:
The correct answer is: B. IS plans are designed as per business objectives.
Explanation:
Determining if the IS plan is consistent with management strategy relates IS/IT planning
to business plans. Choices A, C and D are effective methods for determining the alignment of
IS plans with business objectives and the organization's strategies.
(6) To improve the IS alignment with business, which of the following is the best practice:
The correct answer is: D. Involvement of top management to mediate between business
and information system.
Explanation:
The correct answer is: D. Organization's IS strategy supports the business objectives of the
organization.
Explanation:
It must be noted that the IS function will not be effective if it does not support the business
objectives of the organization. Other factors are important considerations, but they can be
meaningless in the absence of IS alignment with business objectives.
The correct answer is: IT security policy supports business and IT objectives.
Explanation:
It must be noted that the IT security function will not be effective if it does not support the
business objectives of the organization. Other factors are important considerations, but they
can be meaningless in the absence of proper alignment of IT security with business and IT
objectives. Even if top management approves a policy that is not in line with business
objectives, it should be questioned.
The correct answer is: D. the IT strategy supports the business strategies and objectives.
Explanation:
Effective IT governance needs to manage two dimensions of governance. First and primary,
governance is a decision-making framework that reflects the organization's goals and
priorities, and how the organization intends to achieve them. Second, governance
processes cover the structures and methods the organization uses to execute and
institutionalize the governance framework. In essence, the framework is what the
organization has decided, while the process is how the organization will institutionalize
those decisions.
(10) An IS auditor is reviewing the software development process. Which of the following is the best
way to ensure that business requirements are met during software development?
Explanation:
Though other factors are important to ensure all the requirements have been considered, the
best way is to ensure that users are frequently engaged from an early stage of software
development. End users anchor the value stream. Most software requirements techniques
start by asking users what they want or need the system to do.
The correct answer is D. Other factors are important considerations, but if the IS strategy is not
in line with business objectives, the IS strategy will not add value to the business.