Question 9 - ISACA CGEIT Real Exam Questions [March 2026 Update]

Q: 9

Which of the following is the BEST way for a CIO to assess the consistency of IT processes against industry benchmarks to determine where to focus improvement initiatives?

Options

Discussion

Luna Feb 27, 2026 10:19 pm

I get why D looks tempting since audit results are concrete, but maturity models (A) directly compare process levels to industry standards. That lets the CIO benchmark consistently. Pretty sure A is what they're looking for here unless it's about compliance specifically.

Drew I. Feb 14, 2026 5:07 pm

FocusedLead4555 Feb 17, 2026 2:56 pm

A , capability maturity models are used exactly for benchmarking processes to industry standards. D is more for compliance checks but doesn't really help you compare against industry benchmarks. Pretty confident on this, let me know if you see it differently.

FocusedLearner7299 Mar 1, 2026 12:30 am

A seen this type of question show up in recent exam reports.

Sara U. Feb 22, 2026 12:56 pm

D tbh

Ravi R. Feb 24, 2026 3:14 pm

Pretty sure it's A for best way. Capability maturity models are designed for benchmarking process consistency, D is tempting but more about controls review not industry baselines. Feel free to disagree but that's what I've seen in other practice sets.

Grace O. Feb 12, 2026 4:14 am

Doesn't A assume the maturity model is actually calibrated to recent industry benchmarks, or is that not always the case in practice?

Karan Feb 13, 2026 7:03 am

Luna G. Feb 20, 2026 2:45 am

Wouldn't D (process audit results) show if current IT processes are actually being followed and highlight real consistency issues? I get maturity models are good for industry comparison, but actual audit findings seem super concrete. What do you think?

Priya Feb 28, 2026 4:44 am

A imo

Be respectful. No spam.

Correct Answer:

Explanation

A capability maturity model (CMM) is the most suitable tool for this purpose. It provides a structured framework and a standardized scale (e.g., levels 0-5) to assess the current state ("as-is") of IT processes. This allows for a direct comparison against industry best practices and benchmarks, which are often mapped to these maturity levels. By identifying the gap between the current and desired maturity levels, the CIO can effectively pinpoint weaknesses and strategically prioritize improvement initiatives to enhance process consistency and performance. This approach offers a holistic and comparative view that is essential for strategic planning.

Why Incorrect

B. Evaluating the current balanced scorecard is incorrect because a BSC primarily measures performance against an organization's internal strategic objectives, not external industry process benchmarks.

C. Reviewing key performance measures is insufficient as KPMs/KPIs are specific metrics that may lack the comprehensive, structured framework needed for a holistic process capability assessment against industry standards.

D. Reviewing IT process audit results is incorrect because audits focus on compliance with policies and the effectiveness of controls, rather than benchmarking process maturity for strategic improvement.

References

1. ISACA

COBIT 2019 Framework: Introduction and Methodology

2018. Chapter 6

"COBIT Performance Management (CPM)

" details the process capability levels based on CMMI

which are used to "support process improvement by identifying strengths and weaknesses and the implications thereof." This model is explicitly designed for benchmarking.

2. ISACA

CGEIT Review Manual

8th Edition

2020. Domain 4: IT Resource Optimization

Task 4.4

"Monitor and report on IT resource performance

" discusses the use of maturity and capability models to assess processes and identify opportunities for improvement against established benchmarks.

3. De Haes

& Van Grembergen

W. (2009). An exploratory study into IT governance implementations and its impact on business/IT alignment. Information Systems Management

26(2)

123-137. This academic paper discusses the use of COBIT's maturity models as a key tool for organizations to assess their IT governance processes and benchmark them

forming a basis for improvement initiatives (p. 126). DOI: https://doi.org/10.1080/10580530902794786

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE