Test your basic knowledge | CGEIT: Certified In The Governance Of Enterprise IT
Subjects: certifications, cgeit, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. benefit management (Profit organization realization)
Tests - Extensive testing
Encourages the identification of a few relevant high-level financial measures. In particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
implementation - information security - assurance - Risk
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
2. Balanced scorecard - Internal Business Processes
3. Control risk
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
enterprise risk management
risk that the controls are inadequate
Saving the cost of damage (eg ALE) minus cost of mitigation
4. Types of assertions
Signature - statement - audit trail
Benefits realization - risk optimization - resource optimization
processes are assets that create value for the customer
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
5. COBIT enabler guides
plan-prepare-execute-track-report
create an environment conducive to innovation - maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
Signature - statement - audit trail
only known processes enabling
6. Balanced scorecard - Financial
7. Risk analysis methodology
Trust Service Contracts
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
Scenarios set in a risk environment
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
8. Procedure for Governance Compliance Review
plan-prepare-execute-track-report
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - IT gov: provide direction - evaluate performance - IT Mgmt: translate strategy into direction - and report performance measure - 32
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
implementation - information security - assurance - Risk
9. 5 focus area of IT Governance
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
informations inherited
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
10. IT governance life cycle
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
only known processes enabling
11. COBIT cascading goals
Encourages the identification of a few relevant high-level financial measures. In particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
Financial - Operational - Reputation
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
12. IT Strategy Committee
The identification of measures that answer the question 'What must we excel at?'
VR level - integration and business strategy it - Chaired by a business executive / board member
policy - principles - statements
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
13. The report stage of a review
pain points - improvement opportunities
Encourages the identification of a few relevant high-level financial measures. In particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
Observations / findings - risks - recommendation / report
14. Three different control categories?
create an environment conducive to innovation - maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
Scoping - formal enactment - clear guidelines on exceptions - verification of compliance
critical success factors
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
15. Inherent risk
unavoidable risk
operational risk (HR - Law - Nature - IT) - reputational risk
quantitative risk analysis approach - damage cost per year * frequency of occurrence
policy - principles - statements
16. Good starting points for IT Gov
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
pain points - improvement opportunities
Financial - Operational - Reputation
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - service - Support (DS) - Monitor: Monitor - Evaluate - control (ME)
17. The 3 themes of the ICS economic / financial risk
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
informations inherited
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
operational risk (HR - Law - Nature - IT) - reputational risk
18. ISO 9000
executive tasks: prioritization - resource alloc - project tracking
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
19. Escrow contracts
pain points - improvement opportunities
Encourages the identification of a few relevant high-level financial measures. In particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
Trust Service Contracts
20. Function point analysis
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
critical success factors
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
21. Control self assessment Self-assessment (kd) or a Control Self Assessment (CSA supervised self-assessment
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
Financial - Operational - Reputation
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
22. Risk treatment process
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
Saving the cost of damage (eg ALE) minus cost of mitigation
23. risk governance
inadequate or failed internal processes
risk and risk response evaluation
executive tasks: prioritization - resource alloc - project tracking
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
24. Refine the innovation process management
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
create an environment conducive to innovation - maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
The identification of measures that answer the question 'What must we excel at?'
25. application vs. controls. IT general controls
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
Signature - statement - audit trail
quantitative risk analysis approach - damage cost per year * frequency of occurrence
26. To address three types of risk in the ICS
inadequate or failed internal processes
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
Scenarios set in a risk environment
Financial - Operational - Reputation
27. Methods for continuous process improvement
Encourages the identification of measures that answer the question 'How do customers see us?'
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
risk that the controls are inadequate
Observations / findings - risks - recommendation / report
28. KPI
inadequate or failed internal processes
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
enterprise risk management
Encourages the identification of measures that answer the question 'How do customers see us?'
29. Val IT content framework
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
Tests - Extensive testing
Trust Service Contracts
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
30. Hierarchy of policies
policy - principles - statements
QA
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
create an environment conducive to innovation - maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
31. Best practices in dealing with policies Policies (not principles)
Scoping - formal enactment - clear guidelines on exceptions - verification of compliance
enterprise risk management
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
Benefits realization - risk optimization - resource optimization
32. 3 Governance Objectives
Benefits realization - risk optimization - resource optimization
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
COBIT provides the means of risk management - Riskit provides the ends.
33. IT Governance and COBIT
COBIT provides the means of risk management - Riskit provides the ends.
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - IT gov: provide direction - evaluate performance - IT Mgmt: translate strategy into direction - and report performance measure - 32
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
34. ISO 27000
Tests - Extensive testing
informations inherited
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
35. Use of balanced scorecards
critical success factors
executive tasks: prioritization - resource alloc - project tracking
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
36. Return on security investment ROSI
quantitative risk analysis approach - damage cost per year * frequency of occurrence
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
Saving the cost of damage (eg ALE) minus cost of mitigation
COBIT provides the means of risk management - Riskit provides the ends.
37. COBIT framework
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
38. ISO 31000
enterprise risk management
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
unavoidable risk
39. Balanced scorecard (BSC)
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
informations inherited
40. IT Steering Committee
risk and risk response evaluation
informations inherited
executive tasks: prioritization - resource alloc - project tracking
Scoping - formal enactment - clear guidelines on exceptions - verification of compliance
41. Derivation COBIT practices / control objectives
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
42. CSFs
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
critical success factors
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - IT gov: provide direction - evaluate performance - IT Mgmt: translate strategy into direction - and report performance measure - 32
Scenarios set in a risk environment
43. Audit risk consists of...
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
The identification of measures that answer the question 'What must we excel at?'
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
44. A widely used definition of operational risk is the one contained in the Basel II [1] regulations. This definition states that operational risk is the risk of loss resulting from ____________ - people and systems - or from external events.
Observations / findings - risks - recommendation / report
Signature - statement - audit trail
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
inadequate or failed internal processes
45. RACI charts (RACI)
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
informations inherited
inadequate or failed internal processes
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
46. Comprehensive audits
COBIT provides the means of risk management - Riskit provides the ends.
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
Benefits realization - risk optimization - resource optimization
Tests - Extensive testing
47. Balanced scorecard - Learning and Growth
48. Risk appetite
The residual risk a company is willing to take
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
quantitative risk analysis approach - damage cost per year * frequency of occurrence
The identification of measures that answer the question 'What must we excel at?'
49. Establishing accountability
Tests - Extensive testing
risk and risk response evaluation
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
50. ISO 9000
Scoping - formal enactment - clear guidelines on exceptions - verification of compliance
Financial - Operational - Reputation
QA
inherent risk - control risk: insufficient control system - detection risk: insufficient testing