Test your basic knowledge | CGEIT: Certified in the Governance of Enterprise IT
Subjects: certifications, cgeit, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Balanced scorecard - Customer
2. Balanced scorecard - Financial
3. Risk analysis techniques
critical success factors
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
Tests - Extensive testing
Financial - Operational - Reputation
4. IT Steering Committee
processes are assets that create value for the customer
executive tasks: prioritization - resource alloc - project tracking
VR level - integration and business strategy it - Chaired by a business executive / board member
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
5. IT governance life cycle
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
The identification of measures that answer the question 'What must we excel at?'
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
information inherited
6. Hierarchy of policies
create an environment conducive to innovation - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
VR level - integration and business strategy it - Chaired by a business executive / board member
policy - principles - statements
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
7. Derivation Cobit practices / control objectives
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
Tests - Extensive testing
The residual risk a company is willing to take
implementation - information security - assurance - Risk
8. Application controls vs. IT general controls
plan-prepare-execute-track-report
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
policy - principles - statements
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
9. 3 Governance Objectives
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
Benefits realization - risk optimization - resource optimization
enterprise risk management
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
10. COBIT professional guides
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
QA
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
implementation - information security - assurance - Risk
11. Key principle of BPM
processes are assets that create value for the customer
enterprise risk management
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
Observations / findings - risks - recommendation / report
12. Entity level controls
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance measure - 32
13. Types of assertions
Signature - statement - audit trail
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
Financial - Operational - Reputation
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
14. The implementation phase of a (Gov. Compliance) Review
plan-prepare-execute-track-report
Observations / findings - risks - recommendation / report
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
15. 5 focus area of IT Governance
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
executive tasks: prioritization - resource alloc - project tracking
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
Benefits realization - risk optimization - resource optimization
16. Risk analysis methodology
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
quantitative risk analysis approach - damage cost per year * enter frequency
Scenarios set in a risk environment
Signature - statement - audit trail
17. COBIT enabler guides
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance measure - 32
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
only known processes enabling
18. Valit content framework
risk and risk response evaluation
policy - principles - statements
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance measure - 32
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Manging program / projects
19. Comprehensive audits
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
critical success factors
Tests - Extensive testing
20. Audit risk consists of...
enterprise risk management
COBIT provides the means of risk management - Riskit provides the ends.
Saving the cost of damage (eg ALE) minus cost of mitigation
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
21. Good starting points for IT Gov
Scenarios set in a risk environment
pain points - improvement opportunities
The identification of measures that answer the question 'What must we excel at?'
policy - principles - statements
22. The report stage of a review
policy - principles - statements
Observations / findings - risks - recommendation / report
operational risk (HR - Law - Nature - IT) - reputational risk
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance measure - 32
23. COBIT framework
VR level - integration and business strategy it - Chaired by a business executive / board member
risk that the controls are inadequate
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
Scenarios set in a risk environment
24. To address three types of risk in the ICS
Signature - statement - audit trail
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
Financial - Operational - Reputation
25. ISO 27000
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
information inherited
26. Balanced scorecard - Learning and Growth
27. RACI charts (RACI)
VR level - integration and business strategy it - Chaired by a business executive / board member
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
Tests - Extensive testing
28. Return on security investment ROSI
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
Saving the cost of damage (eg ALE) minus cost of mitigation
VR level - integration and business strategy it - Chaired by a business executive / board member
29. Escrow contracts
critical success factors
QA
enterprise risk management
Trust Service Contracts
30. Control risk
risk that the controls are inadequate
operational risk (HR - Law - Nature - IT) - reputational risk
enterprise risk management
The residual risk a company is willing to take
31. COBIT cascading goals
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
Scenarios set in a risk environment
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
32. ISO 9000
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
QA
information inherited
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
33. Methods for continuous process improvement
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
inadequate or failed internal processes
critical success factors
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
34. Value management
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
VR level - integration and business strategy it - Chaired by a business executive / board member
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
35. KPI
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
36. Procedure for Governance Compliance Review
plan-prepare-execute-track-report
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
Saving the cost of damage (eg ALE) minus cost of mitigation
create an environment conducive to innovation - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
37. Detection risk
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
policy - principles - statements
Trust Service Contracts
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
38. Structure of the 32 COBIT processes mgmt.
processes are assets that create value for the customer
The identification of measures that answer the question 'What must we excel at?'
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
39. Risk treatment process
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
implementation - information security - assurance - Risk
40. IT Governance and COBIT
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance measure - 32
41. Function point analysis
inadequate or failed internal processes
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
42. Balanced scorecard (BSC)
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance measure - 32
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
inadequate or failed internal processes
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
43. Risk appetite
The residual risk a company is willing to take
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
risk and risk response evaluation
44. The 3 themes of the ICS economic / financial risk
Tests - Extensive testing
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
operational risk (HR - Law - Nature - IT) - reputational risk
Scenarios set in a risk environment
45. Three different control categories?
Signature - statement - audit trail
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
46. risk governance
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
Benefits realization - risk optimization - resource optimization
risk and risk response evaluation
47. Establishing accountability
policy - principles - statements
implementation - information security - assurance - Risk
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
48. Operational risk is...
49. ISO 31000
QA
enterprise risk management
risk and risk response evaluation
Scenarios set in a risk environment
50. A widely used definition of operational risk is the one contained in the Basel II [1] regulations. This definition states that operational risk is the risk of loss resulting from ____________ - people and systems - or from external events.
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
implementation - information security - assurance - Risk
inadequate or failed internal processes