Determining Alignment of IT Policy to Business Requirements

A.

The BEST key performance indicator (KPI) for determining how well the IT policy is aligned to the business requirements is option A - Number of approved exceptions to the policy.

Explanation:

IT policies are created to align IT activities with business objectives and requirements. Therefore, it is essential to evaluate whether these policies are being followed or not. One way to determine this is by measuring the number of exceptions approved to the policy.

An exception means that the standard policy has not been followed due to a legitimate business reason. For example, a policy might dictate that all employees must change their passwords every 90 days. However, if an employee is on extended leave, the policy may be waived for them.

If there are a high number of exceptions approved, it suggests that the policy may not be adequately aligned with business requirements. Alternatively, it may indicate that the policy is too rigid and does not allow for flexibility when necessary.

Options B, C, and D are not good KPIs for determining how well the IT policy is aligned to the business requirements.

Option B - Total cost of policy breaches - is a useful metric for measuring the financial impact of policy breaches. However, it does not indicate whether the policy is aligned with business requirements.

Option C - Total cost to support the policy - is a measure of the resources required to maintain the policy. Again, while it may be useful for determining the cost-effectiveness of the policy, it does not measure alignment with business requirements.

Option D - Number of inquiries regarding the policy - may indicate confusion or lack of understanding of the policy. However, it does not provide insight into whether the policy is aligned with business requirements.

In conclusion, the number of approved exceptions to the policy is the BEST KPI for determining how well the IT policy is aligned with business requirements.