Certified in the Governance of Enterprise IT (CGEIT) — Question 66

The IT program manager does not see the value of conducting risk assessments for a new major IT project. The manager is reluctant to cooperate with internal auditors and the newly formed steering committee. Midway through the project, program requirements were changed because the CEO is a friend of a vendor and wants to implement this vendor's new technology. This decision will cause the current IT program budget to be insufficient and will be shown as overspending,
After the requirement change request, the IT program manager should FIRST:

Answer options

• A. report the matter to internal audit as a program deviation to be reviewed.
• B. obtain confirmation from the business and a decision by the steering committee.
• C. align IT with the business and agree to the business request.
• D. request additional funding from the business owner to cover the additional scope.

Correct answer: B

Explanation

The correct answer is B because obtaining confirmation from the business and a decision from the steering committee is essential to ensure all stakeholders are aligned with the new requirements before proceeding. Option A is premature as internal audit involvement should follow internal alignment. Option C does not address the need for formal agreement on the changed requirements. Option D is a reactive measure that does not consider the need for stakeholder consensus first.