SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CGEIT: Certified In The Governance Of Enterprise It
Start Test
Study First
Subjects
:
certifications
,
cgeit
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Derivation Cobit practices / control objectives
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
pain points - improvment opportunities
inadequate or failed internal processes
2. Risk analysis techniques
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
processes are assets that create value for the customer
3. IT Governance and COBIT
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance mesure - 32
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
a risk Arising from execution of a company's business functions. It is a very broad concept Which Focuses on the risks you Arising from the people - systems and processes through Which a company operates. It therefore includes other categories examin
Financial - Operational - Reputation
4. Raci carts (RACI)
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Manging program / projects
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
processes are assets that create value for the customer
Financial - Operational - Reputation
5. Use of balanced scorecards
performance monitoring - to demostrate the effectivness if IT and communicate about it - Performance - risk and capabilities
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
Benefits realization - risk optimization - resource optimization
6. Function point analysis
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
Encourages the identification of a few relevant high-level financial measures. In Particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
risk and risk response evaluation
7. Balanced scorecard (BSC)
general: magmt change - security - operations control Application: do everything to do with app. pgm. has zb source management - authentication validation
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
create an environment conductive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
policy - principles - statements
8. Detection risk
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
QA
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
Signature - statement - audit trail
9. ISO 31000
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
pain points - improvment opportunities
critical success factors
enterprise risk management
10. The report stage of a review
plan-prepare-execute-track-report
The identification of measures that answer the question 'What must we excel at?'
COBIT provides the means of risk management - Riskit provides the ends.
Observations / findings - risks - recommendation / report
11. ISO 9000
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
risk that the controls are inadequate
QA
Scenarios set in a risk environment
12. Structure of the 32 COBIT processes mgmt.
Financial - Operational - Reputation
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
plan-prepare-execute-track-report
plan: align - plan - Organize (PO) - build: build - Aquire - Implement (AI) - run: Deliver - servie - Support (DS) - Monitor: Monitor - Evaluate - control ME
13. application vs. controls. IT general controls
general: magmt change - security - operations control Application: do everything to do with app. pgm. has zb source management - authentication validation
COBIT provides the means of risk management - Riskit provides the ends.
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
14. The 3 themes of the ICS economic / financial risk
VR level - integration and business strategy it - Chaired by a business executive / board member
Signature - statement - audit trail
operational risk (HR - Law - Nature - IT) - reputational risk
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
15. Types of assertions
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
Signature - statement - audit trail
16. ISO 9000
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
inadequate or failed internal processes
Financial - Operational - Reputation
17. IT Steering Committee
To take the residual risk a company is willing risk
Business goals with Gov. goals priorisiern - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
executive tasks: prioritization - resource alloc - project tracking
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
18. Balanced scorecard - Internal Business Processes
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
19. COBIT cascading goals
policy - principles - statements
Business goals with Gov. goals priorisiern - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
Benefits realization - risk optimization - resource optimization
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
20. Control risk
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
risk that the controls are inadequate
executive tasks: prioritization - resource alloc - project tracking
21. risk governance
Encourages the identification of measures that answer the question? 'How can we continue to improve and create value. '
risk that the controls are inadequate
risk and risk response evaluation
Encourages the identification of a few relevant high-level financial measures. In Particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
22. Balanced scorecard - Customer
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
23. benefit management (Profit organization realization)
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
processes are assets that create value for the customer
implementation - information security - assurance - Risk
create an environment conductive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
24. COBIT framework
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
Encourages the identification of measures that answer the question 'How do customers see us?'
critical success factors
25. Riskit vs. COBIT
Scoping - formal enactment - clear Vogaben at exceptions - verification of compliance
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
COBIT provides the means of risk management - Riskit provides the ends.
quantitative risk analysis approach - damage cost per year * enter frequency
26. Risk treatment process
Business goals with Gov. goals priorisiern - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
risk that the controls are inadequate
stratecic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholer transparency
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
27. IT Strategy Committee
create an environment conductive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
processes are assets that create value for the customer
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Manging program / projects
VR level - integration and business strategy it - Chaired by a business executive / board member
28. Good starting points forIT Gov
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
Scoping - formal enactment - clear Vogaben at exceptions - verification of compliance
pain points - improvment opportunities
Observations / findings - risks - recommendation / report
29. Refine the innovation process management
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
create an environment conductive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
30. ISO 27000
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
informations inherited
31. CSFs
Trust Service Contracts
plan-prepare-execute-track-report
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance mesure - 32
critical success factors
32. Balanced scorecard - Financial
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
33. Control self assessment Self-assessment (kd) or a Control Self Assessment (CSA supervised self-assessment
create an environment conductive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
plan: align - plan - Organize (PO) - build: build - Aquire - Implement (AI) - run: Deliver - servie - Support (DS) - Monitor: Monitor - Evaluate - control ME
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
Tests - Extensive testing
34. Hierarchy of policies
policy - principles - statements
Signature - statement - audit trail
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
Scoping - formal enactment - clear Vogaben at exceptions - verification of compliance
35. Return on security investment ROSI
Saving the cost of damage (eg ALE) minus cost of mitigation
The identification of measures that answer the question 'What must we excel at?'
enterprise risk management
VR level - integration and business strategy it - Chaired by a business executive / board member
36. Inherent risk
Business goals with Gov. goals priorisiern - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
unavoidable risk
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
plan: align - plan - Organize (PO) - build: build - Aquire - Implement (AI) - run: Deliver - servie - Support (DS) - Monitor: Monitor - Evaluate - control ME
37. Key principle of BPM
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Manging program / projects
risk and risk response evaluation
create an environment conductive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
processes are assets that create value for the customer
38. To address three types of risk in the ICS
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
To take the residual risk a company is willing risk
Financial - Operational - Reputation
executive tasks: prioritization - resource alloc - project tracking
39. Comprehensive audits
Tests - Extensive testing
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Manging program / projects
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
40. Best practices in dealing with policies Policies (not principles)
Scoping - formal enactment - clear Vogaben at exceptions - verification of compliance
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
performance monitoring - to demostrate the effectivness if IT and communicate about it - Performance - risk and capabilities
pain points - improvment opportunities
41. Audit risk consists of...
only known processes enabling
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
quantitative risk analysis approach - damage cost per year * enter frequency
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
42. Balanced scorecard - Learning and Growt
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
43. IT governance life cycle
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
only known processes enabling
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
critical success factors
44. Valit content framework
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
VR level - integration and business strategy it - Chaired by a business executive / board member
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Manging program / projects
45. COBIT enabler guides
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
Signature - statement - audit trail
Financial - Operational - Reputation
only known processes enabling
46. A widely used definition of operational risk is the one contained in the Basel II [1] regulations. This definition states that operational risk is the risk of loss resulting from ____________ - people and systems - or from external events.
inadequate or failed internal processes
Trust Service Contracts
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
executive tasks: prioritization - resource alloc - project tracking
47. Anual loss expectancy ALE
quantitative risk analysis approach - damage cost per year * enter frequency
The identification of measures that answer the question 'What must we excel at?'
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
48. Entity level controls
general: magmt change - security - operations control Application: do everything to do with app. pgm. has zb source management - authentication validation
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
To take the residual risk a company is willing risk
49. Value management
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
create an environment conductive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
Trust Service Contracts
50. 5 focus area of IT Governance
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
stratecic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholer transparency
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
a risk Arising from execution of a company's business functions. It is a very broad concept Which Focuses on the risks you Arising from the people - systems and processes through Which a company operates. It therefore includes other categories examin
