Test your basic knowledge |
CGEIT: Certified In The Governance Of Enterprise IT
Subjects: certifications, cgeit, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Derivation COBIT practices / control objectives
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
only known processes enabling
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
2. Types of assertions
Trust Service Contracts
unavoidable risk
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
Signature - statement - audit trail
3. COBIT enabler guides
only known processes enabling
policy - principles - statements
Encourages the identification of a few relevant high-level financial measures. In particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
inadequate or failed internal processes
4. 5 focus area of IT Governance
only known processes enabling
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
informations inherited
5. Hierarchy of policies
create an environment conducive to innovation - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
COBIT provides the means of risk management - Risk IT provides the ends.
policy - principles - statements
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
6. COBIT cascading goals
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
enterprise risk management
Business goals with Gov. goals prioritize - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
7. A widely used definition of operational risk is the one contained in the Basel II [1] regulations. This definition states that operational risk is the risk of loss resulting from ____________ - people and systems - or from external events.
inadequate or failed internal processes
pain points - improvement opportunities
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
8. CSFs
policy - principles - statements
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
critical success factors
9. Balanced scorecard - Financial
10. Audit risk consists of...
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
VR level - integration and business strategy it - Chaired by a business executive / board member
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
11. Return on security investment ROSI
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
unavoidable risk
implementation - information security - assurance - Risk
Saving the cost of damage (eg ALE) minus cost of mitigation
12. 3 Governance Objectives
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
Benefits realization - risk optimization - resource optimization
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
Scenarios set in a risk environment
13. Entity level controls
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
implementation - information security - assurance - Risk
Saving the cost of damage (eg ALE) minus cost of mitigation
14. COBIT framework
Benefits realization - risk optimization - resource optimization
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
15. Escrow contracts
risk and risk response evaluation
implementation - information security - assurance - Risk
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
Trust Service Contracts
16. To address three types of risk in the ICS
Financial - Operational - Reputation
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
Business goals with Gov. goals prioritize - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
pain points - improvement opportunities
17. Best practices in dealing with policies Policies (not principles)
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
Benefits realization - risk optimization - resource optimization
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
pain points - improvement opportunities
18. ISO 27000
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
informations inherited
inadequate or failed internal processes
The identification of measures that answer the question 'What must we excel at?'
19. Risk IT vs. COBIT
informations inherited
Signature - statement - audit trail
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
COBIT provides the means of risk management - Risk IT provides the ends.
20. risk governance
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
risk and risk response evaluation
quantitative risk analysis approach - damage cost per year * enter frequency
The residual risk a company is willing to take
21. Establishing accountability
plan-prepare-execute-track-report
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
processes are assets that create value for the customer
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
22. Val IT content framework
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
23. Value management
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
only known processes enabling
executive tasks: prioritization - resource alloc - project tracking
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
24. ISO 9000
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
policy - principles - statements
inadequate or failed internal processes
25. Detection risk
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
processes are assets that create value for the customer
VR level - integration and business strategy it - Chaired by a business executive / board member
26. KPI
Financial - Operational - Reputation
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
27. Three different control categories?
risk that the controls are inadequate
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance measure - 32
QA
28. Refine the innovation process management
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
Business goals with Gov. goals prioritize - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
create an environment conducive to innovation - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
29. Good starting points for IT Gov
pain points - improvement opportunities
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
only known processes enabling
Benefits realization - risk optimization - resource optimization
30. Inherent risk
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
unavoidable risk
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
31. application vs. controls. IT general controls
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
risk and risk response evaluation
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
32. Control self assessment Self-assessment (kd) or a Control Self Assessment (CSA supervised self-assessment
Scenarios set in a risk environment
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance measure - 32
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
33. Control risk
Business goals with Gov. goals prioritize - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
COBIT provides the means of risk management - Risk IT provides the ends.
risk that the controls are inadequate
34. Methods for continuous process improvement
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
Tests - Extensive testing
35. Balanced scorecard (BSC)
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
Signature - statement - audit trail
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
Encourages the identification of measures that answer the question 'How do customers see us?'
36. Risk appetite
Business goals with Gov. goals prioritize - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
The residual risk a company is willing to take
Observations / findings - risks - recommendation / report
QA
37. Balanced scorecard - Internal Business Processes
38. Risk analysis methodology
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
Scenarios set in a risk environment
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
39. COBIT professional guides
implementation - information security - assurance - Risk
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
Saving the cost of damage (eg ALE) minus cost of mitigation
Encourages the identification of measures that answer the question 'How do customers see us?'
40. Key principle of BPM
processes are assets that create value for the customer
risk that the controls are inadequate
Financial - Operational - Reputation
COBIT provides the means of risk management - Risk IT provides the ends.
41. Use of balanced scorecards
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
Financial - Operational - Reputation
Benefits realization - risk optimization - resource optimization
42. Comprehensive audits
risk that the controls are inadequate
Tests - Extensive testing
create an environment conducive to innovation - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
43. Procedure for Governance Compliance Review
processes are assets that create value for the customer
plan-prepare-execute-track-report
Observations / findings - risks - recommendation / report
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance measure - 32
44. Balanced scorecard - Learning and Growth
45. Annual loss expectancy ALE
Tests - Extensive testing
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
quantitative risk analysis approach - damage cost per year * enter frequency
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
46. Function point analysis
Observations / findings - risks - recommendation / report
critical success factors
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
unavoidable risk
47. ISO 31000
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
The residual risk a company is willing to take
enterprise risk management
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
48. IT Strategy Committee
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
VR level - integration and business strategy it - Chaired by a business executive / board member
The identification of measures that answer the question 'What must we excel at?'
The residual risk a company is willing to take
49. RACI charts (RACI)
Observations / findings - risks - recommendation / report
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
QA
Financial - Operational - Reputation
50. IT governance life cycle
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
Observations / findings - risks - recommendation / report
only known processes enabling