Isaca Certified in Risk and Information Systems Control CRISC Question # 513 Topic 52 Discussion

CRISC Exam Topic 52 Question 513 Discussion:

Question #: 513

Topic #: 52

A chief information officer (CIO) has identified risk associated with shadow systems being maintained by business units to address specific functionality gaps in the organization'senterprise resource planning (ERP) system. What is the BEST way to reduce this risk going forward?

Align applications to business processes.

Implement an enterprise architecture (EA).

Define the software development life cycle (SDLC).

Define enterprise-wide system procurement requirements.

Get Premium CRISC Questions

Explanation

Shadow systems are IT systems, solutions, devices, or technologies used within an organization without the knowledge and approval of the corporate IT department1. They are often the result ofemployees trying to address specific functionality gaps in the organization’s official systems, such as the ERP system. However, shadow systems can pose significant risks to the organization, such as:

Data security and privacy breaches, as shadow systems may not comply with the organization’s security policies and standards, or may expose sensitive data to unauthorized parties2.

Data quality and integrity issues, as shadow systems may not synchronize or integrate with the organization’s official systems, or may create data inconsistencies or redundancies3.

Compliance and regulatory violations, as shadow systems may not adhere to the organization’s legal or contractual obligations, or may create audit or reporting challenges4.

Cost and resource inefficiencies, as shadow systems may duplicate or conflict with the organization’s official systems, or may consume more IT resources than necessary5.

The best way to reduce the risk associated with shadow systems is to implement an enterprise architecture (EA), which is a comprehensive framework that defines the structure, processes, principles, and standards of the organization’s IT environment6. By implementing an EA, the organization can:

Align the IT systems with the organization’s goals and strategy, and ensure that they support the business needs and requirements6.

Establish a governance structure and process for IT decision making, and ensure that all IT systems are approved, monitored, and controlled by the IT department7.

Enhance the communication and collaboration between the IT department and the business units, and ensure that the IT systems meet the expectations and preferences of the end users5.

Optimize the performance and efficiency of the IT systems, and ensure that they are scalable, flexible, and interoperable6.

References =

Shadow IT: What Are the Risks and How Can You Mitigate Them? - Ekran System

How to Reduce Risks of Shadow IT by Applying Governance to Public Clouds – BMC Software | Blogs

What is shadow IT? - Article | SailPoint

The Risks of Shadow IT and How to Avoid Them | SiteSpect

Start reducing your organization’s Shadow IT risk in 3 steps

What is enterprise architecture (EA)? - Definition from WhatIs.com

Enterprise Architecture Governance - CIO Wiki

Actual exam question for Isaca CRISC exam by Phoenix6540 at Aug 3, 2025, 9:42:56 AM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Isaca Certified in Risk and Information Systems Control CRISC Question # 513 Topic 52 Discussion

Isaca Certified in Risk and Information Systems Control CRISC Question # 513 Topic 52 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Isaca Certified in Risk and Information Systems Control CRISC Question # 513 Topic 52 Discussion

Isaca Certified in Risk and Information Systems Control CRISC Question # 513 Topic 52 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval