SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CGEIT: Certified In The Governance Of Enterprise It
Start Test
Study First
Subjects
:
certifications
,
cgeit
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Value management
To take the residual risk a company is willing risk
performance monitoring - to demostrate the effectivness if IT and communicate about it - Performance - risk and capabilities
plan-prepare-execute-track-report
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
2. Balanced scorecard (BSC)
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
stratecic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholer transparency
pain points - improvment opportunities
3. IT Steering Committee
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
Signature - statement - audit trail
executive tasks: prioritization - resource alloc - project tracking
4. ISO 27000
executive tasks: prioritization - resource alloc - project tracking
The identification of measures that answer the question 'What must we excel at?'
Benefits realization - risk optimization - resource optimization
informations inherited
5. Three different control categories?
plan-prepare-execute-track-report
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
To take the residual risk a company is willing risk
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
6. Risk analysis techniques
pain points - improvment opportunities
create an environment conductive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
a risk Arising from execution of a company's business functions. It is a very broad concept Which Focuses on the risks you Arising from the people - systems and processes through Which a company operates. It therefore includes other categories examin
7. Balanced scorecard - Internal Business Processes
8. Inherent risk
unavoidable risk
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
Signature - statement - audit trail
critical success factors
9. Valit content framework
Business goals with Gov. goals priorisiern - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Manging program / projects
risk and risk response evaluation
10. application vs. controls. IT general controls
Tests - Extensive testing
unavoidable risk
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
general: magmt change - security - operations control Application: do everything to do with app. pgm. has zb source management - authentication validation
11. Entity level controls
Observations / findings - risks - recommendation / report
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
Scenarios set in a risk environment
12. Best practices in dealing with policies Policies (not principles)
Encourages the identification of a few relevant high-level financial measures. In Particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
quantitative risk analysis approach - damage cost per year * enter frequency
Scoping - formal enactment - clear Vogaben at exceptions - verification of compliance
13. Return on security investment ROSI
Signature - statement - audit trail
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
Saving the cost of damage (eg ALE) minus cost of mitigation
risk and risk response evaluation
14. Balanced scorecard - Learning and Growt
15. Risk appetite
performance monitoring - to demostrate the effectivness if IT and communicate about it - Performance - risk and capabilities
To take the residual risk a company is willing risk
unavoidable risk
Encourages the identification of measures that answer the question 'How do customers see us?'
16. COBIT enabler guides
only known processes enabling
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
executive tasks: prioritization - resource alloc - project tracking
Observations / findings - risks - recommendation / report
17. Establishing accountability
policy - principles - statements
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
unavoidable risk
Encourages the identification of a few relevant high-level financial measures. In Particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
18. 3 Governance Objectives
operational risk (HR - Law - Nature - IT) - reputational risk
Observations / findings - risks - recommendation / report
Benefits realization - risk optimization - resource optimization
stratecic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholer transparency
19. COBIT cascading goals
Encourages the identification of measures that answer the question? 'How can we continue to improve and create value. '
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
Business goals with Gov. goals priorisiern - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
Tests - Extensive testing
20. Methods for continuous process improvement
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
Financial - Operational - Reputation
a risk Arising from execution of a company's business functions. It is a very broad concept Which Focuses on the risks you Arising from the people - systems and processes through Which a company operates. It therefore includes other categories examin
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
21. The report stage of a review
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
Signature - statement - audit trail
create an environment conductive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
Observations / findings - risks - recommendation / report
22. 5 focus area of IT Governance
a risk Arising from execution of a company's business functions. It is a very broad concept Which Focuses on the risks you Arising from the people - systems and processes through Which a company operates. It therefore includes other categories examin
Saving the cost of damage (eg ALE) minus cost of mitigation
stratecic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholer transparency
The identification of measures that answer the question 'What must we excel at?'
23. Derivation Cobit practices / control objectives
pain points - improvment opportunities
only known processes enabling
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
VR level - integration and business strategy it - Chaired by a business executive / board member
24. Riskit vs. COBIT
Scoping - formal enactment - clear Vogaben at exceptions - verification of compliance
Financial - Operational - Reputation
COBIT provides the means of risk management - Riskit provides the ends.
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
25. ISO 31000
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
only known processes enabling
QA
enterprise risk management
26. Refine the innovation process management
create an environment conductive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
plan: align - plan - Organize (PO) - build: build - Aquire - Implement (AI) - run: Deliver - servie - Support (DS) - Monitor: Monitor - Evaluate - control ME
Financial - Operational - Reputation
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
27. risk governance
Encourages the identification of measures that answer the question? 'How can we continue to improve and create value. '
risk and risk response evaluation
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Manging program / projects
general: magmt change - security - operations control Application: do everything to do with app. pgm. has zb source management - authentication validation
28. Escrow contracts
Trust Service Contracts
unavoidable risk
pain points - improvment opportunities
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
29. Use of balanced scorecards
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
a risk Arising from execution of a company's business functions. It is a very broad concept Which Focuses on the risks you Arising from the people - systems and processes through Which a company operates. It therefore includes other categories examin
performance monitoring - to demostrate the effectivness if IT and communicate about it - Performance - risk and capabilities
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
30. Balanced scorecard - Financial
31. Raci carts (RACI)
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
Encourages the identification of a few relevant high-level financial measures. In Particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
Saving the cost of damage (eg ALE) minus cost of mitigation
32. The implementation phase of a (Gov. Compliance) Review
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
inadequate or failed internal processes
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
quantitative risk analysis approach - damage cost per year * enter frequency
33. Operational risk is...
34. IT Strategy Committee
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
VR level - integration and business strategy it - Chaired by a business executive / board member
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
plan-prepare-execute-track-report
35. ISO 9000
VR level - integration and business strategy it - Chaired by a business executive / board member
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
QA
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
36. A widely used definition of operational risk is the one contained in the Basel II [1] regulations. This definition states that operational risk is the risk of loss resulting from ____________ - people and systems - or from external events.
inadequate or failed internal processes
pain points - improvment opportunities
operational risk (HR - Law - Nature - IT) - reputational risk
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
37. Types of assertions
quantitative risk analysis approach - damage cost per year * enter frequency
Signature - statement - audit trail
general: magmt change - security - operations control Application: do everything to do with app. pgm. has zb source management - authentication validation
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
38. Hierarchy of policies
Financial - Operational - Reputation
risk that the controls are inadequate
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
policy - principles - statements
39. CSFs
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
Encourages the identification of measures that answer the question 'How do customers see us?'
critical success factors
Scoping - formal enactment - clear Vogaben at exceptions - verification of compliance
40. Risk analysis methodology
Benefits realization - risk optimization - resource optimization
Encourages the identification of measures that answer the question 'How do customers see us?'
unavoidable risk
Scenarios set in a risk environment
41. To address three types of risk in the ICS
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Manging program / projects
risk and risk response evaluation
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
Financial - Operational - Reputation
42. COBIT professional guides
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
Signature - statement - audit trail
stratecic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholer transparency
implementation - information security - assurance - Risk
43. Procedure for Governance Compliance Review
plan-prepare-execute-track-report
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
risk and risk response evaluation
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance mesure - 32
44. Anual loss expectancy ALE
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
quantitative risk analysis approach - damage cost per year * enter frequency
implementation - information security - assurance - Risk
enterprise risk management
45. Control risk
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
Encourages the identification of measures that answer the question? 'How can we continue to improve and create value. '
To take the residual risk a company is willing risk
risk that the controls are inadequate
46. Audit risk consists of...
Trust Service Contracts
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
47. The 3 themes of the ICS economic / financial risk
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
operational risk (HR - Law - Nature - IT) - reputational risk
Financial - Operational - Reputation
VR level - integration and business strategy it - Chaired by a business executive / board member
48. Function point analysis
plan: align - plan - Organize (PO) - build: build - Aquire - Implement (AI) - run: Deliver - servie - Support (DS) - Monitor: Monitor - Evaluate - control ME
informations inherited
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
risk and risk response evaluation
49. Structure of the 32 COBIT processes mgmt.
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
Encourages the identification of a few relevant high-level financial measures. In Particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
Signature - statement - audit trail
plan: align - plan - Organize (PO) - build: build - Aquire - Implement (AI) - run: Deliver - servie - Support (DS) - Monitor: Monitor - Evaluate - control ME
50. Balanced scorecard - Customer
