Governance of Enterprise IT (CGEIT) Certification Practice Exam

What is the BEST practice for the board of directors to establish the effectiveness of IT internal controls?

• A. Continuous monitoring
• B. A quality assurance function
• C. An IT steering committee
• D. External performance assessment

The correct answer is: Continuous monitoring

The best practice for the board of directors to establish the effectiveness of IT internal controls is through continuous monitoring. This approach allows for real-time oversight and evaluation of IT processes and controls, which is crucial for identifying potential weaknesses or failures quickly. Continuous monitoring enhances the organization's ability to respond to changes in the environment, technology, and threats, ensuring that the internal controls remain effective over time. Implementing continuous monitoring provides a systematic approach to ensure that controls are functioning as intended. It also incorporates feedback loops that help in the timely identification of control deficiencies, allowing for corrective actions to be taken before they escalate into more significant issues. While a quality assurance function plays an important role in validating processes and systems, it typically operates on a periodic basis rather than continuously assessing performance. An IT steering committee can be helpful for governance and strategic alignment but does not directly establish the effectiveness of internal controls. External performance assessments provide valuable insights from independent evaluators; however, they often occur infrequently and may not provide the immediate feedback necessary to adapt and improve controls in real-time. Therefore, continuous monitoring stands out as the most effective method for ensuring that IT internal controls are robust and effective.