Test your basic knowledge | CGEIT: Certified In The Governance Of Enterprise It
Subjects: certifications, cgeit, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Types of assertions
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
Signature - statement - audit trail
2. Balanced scorecard - Customer
3. COBIT framework
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
implementation - information security - assurance - Risk
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
unavoidable risk
4. Audit risk consists of...
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
informations inherited
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
5. risk governance
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
Benefits realization - risk optimization - resource optimization
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
risk and risk response evaluation
6. Risk treatment process
Trust Service Contracts
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
Encourages the identification of a few relevant high-level financial measures. In particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
7. Hierarchy of policies
enterprise risk management
policy - principles - statements
implementation - information security - assurance - Risk
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
8. Risk analysis methodology
Scenarios set in a risk environment
Encourages the identification of a few relevant high-level financial measures. In particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
unavoidable risk
9. Control self assessment Self-assessment (kd) or a Control Self Assessment (CSA supervised self-assessment
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
quantitative risk analysis approach - damage cost per year * enter frequency
10. Establishing accountability
Encourages the identification of measures that answer the question 'How do customers see us?'
operational risk (HR - Law - Nature - IT) - reputational risk
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
11. ISO 9000
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
only known processes enabling
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
12. COBIT enabler guides
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
Encourages the identification of measures that answer the question 'How do customers see us?'
only known processes enabling
Benefits realization - risk optimization - resource optimization
13. Value management
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
Benefits realization - risk optimization - resource optimization
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
risk that the controls are inadequate
14. Riskit vs. COBIT
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
COBIT provides the means of risk management - Riskit provides the ends.
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
risk and risk response evaluation
15. IT governance life cycle
create an environment conducive to innovation - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
16. Risk analysis techniques
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
Financial - Operational - Reputation
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
17. Inherent risk
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
unavoidable risk
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
The residual risk a company is willing to take
18. Refine the innovation process management
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
Business goals with Gov. goals prioritize - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
create an environment conducive to innovation - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
19. Balanced scorecard - Internal Business Processes
20. Valit content framework
Financial - Operational - Reputation
unavoidable risk
COBIT provides the means of risk management - Riskit provides the ends.
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
21. Return on security investment ROSI
Signature - statement - audit trail
Saving the cost of damage (eg ALE) minus cost of mitigation
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmt: translate strategy into direction - and report performance measure - 32
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
22. Comprehensive audits
Tests - Extensive testing
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
pain points - improvement opportunities
Saving the cost of damage (eg ALE) minus cost of mitigation
23. KPI
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
executive tasks: prioritization - resource alloc - project tracking
24. Good starting points for IT Gov
create an environment conducive to innovation - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
pain points - improvement opportunities
Business goals with Gov. goals prioritize - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
risk that the controls are inadequate
25. ISO 27000
informations inherited
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
Scenarios set in a risk environment
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
26. Risk appetite
Tests - Extensive testing
The residual risk a company is willing to take
Encourages the identification of a few relevant high-level financial measures. In particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
27. IT Strategy Committee
VR level - integration and business strategy it - Chaired by a business executive / board member
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
critical success factors
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
28. ISO 31000
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
The residual risk a company is willing to take
critical success factors
enterprise risk management
29. Escrow contracts
processes are assets that create value for the customer
implementation - information security - assurance - Risk
Trust Service Contracts
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
30. application vs. controls. IT general controls
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
QA
31. Balanced scorecard - Financial
32. Derivation Cobit practices / control objectives
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
create an environment conducive to innovation - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
33. Key principle of BPM
processes are assets that create value for the customer
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
Encourages the identification of a few relevant high-level financial measures. In particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
34. COBIT cascading goals
VR level - integration and business strategy it - Chaired by a business executive / board member
processes are assets that create value for the customer
Business goals with Gov. goals prioritize - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
critical success factors
35. A widely used definition of operational risk is the one contained in the Basel II [1] regulations. This definition states that operational risk is the risk of loss resulting from ____________ - people and systems - or from external events.
inadequate or failed internal processes
processes are assets that create value for the customer
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
36. COBIT professional guides
executive tasks: prioritization - resource alloc - project tracking
implementation - information security - assurance - Risk
Encourages the identification of measures that answer the question 'How do customers see us?'
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
37. Balanced scorecard (BSC)
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
38. RACI charts (RACI)
risk that the controls are inadequate
VR level - integration and business strategy it - Chaired by a business executive / board member
executive tasks: prioritization - resource alloc - project tracking
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
39. Entity level controls
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
Observations / findings - risks - recommendation / report
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
40. Function point analysis
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
The identification of measures that answer the question 'What must we excel at?'
informations inherited
Observations / findings - risks - recommendation / report
41. ISO 9000
QA
processes are assets that create value for the customer
Signature - statement - audit trail
inadequate or failed internal processes
42. To address three types of risk in the ICS
Signature - statement - audit trail
Financial - Operational - Reputation
Tests - Extensive testing
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
43. Best practices in dealing with policies Policies (not principles)
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
44. Use of balanced scorecards
unavoidable risk
informations inherited
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
45. 5 focus area of IT Governance
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
Business goals with Gov. goals prioritize - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
Signature - statement - audit trail
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
46. IT Steering Committee
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
Signature - statement - audit trail
executive tasks: prioritization - resource alloc - project tracking
Saving the cost of damage (eg ALE) minus cost of mitigation
47. Balanced scorecard - Learning and Growth
48. Three different control categories?
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
Encourages the identification of measures that answer the question 'How do customers see us?'
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
49. The report stage of a review
Observations / findings - risks - recommendation / report
Encourages the identification of measures that answer the question 'How do customers see us?'
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
QA
50. Operational risk is...