Test your basic knowledge | CGEIT: Certified In The Governance Of Enterprise IT
Subjects: certifications, cgeit, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. IT governance life cycle
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
2. Methods for continuous process improvement
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmt: translate strategy into direction - and report performance measure - 32
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
Tests - Extensive testing
only known processes enabling
3. ISO 9000
COBIT provides the means of risk management - Riskit provides the ends.
implementation - information security - assurance - Risk
Observations / findings - risks - recommendation / report
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
4. Val IT content framework
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
The identification of measures that answer the question 'What must we excel at?'
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
enterprise risk management
5. COBIT professional guides
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmt: translate strategy into direction - and report performance measure - 32
implementation - information security - assurance - Risk
6. Value management
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
information inherited
pain points - improvement opportunities
7. Control risk
create an environment conducive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
Signature - statement - audit trail
risk that the controls are inadequate
Scenarios set in a risk environment
8. Good starting points for IT Gov
COBIT provides the means of risk management - Riskit provides the ends.
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
pain points - improvement opportunities
9. Use of balanced scorecards
critical success factors
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
The identification of measures that answer the question 'What must we excel at?'
10. IT Strategy Committee
VR level - integration and business strategy it - Chaired by a business executive / board member
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
quantitative risk analysis approach - damage cost per year * enter frequency
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
11. COBIT cascading goals
Signature - statement - audit trail
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
12. Types of assertions
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
Tests - Extensive testing
Signature - statement - audit trail
risk and risk response evaluation
13. RACI charts (RACI)
executive tasks: prioritization - resource alloc - project tracking
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
risk and risk response evaluation
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
14. The implementation phase of a (Gov. Compliance) Review
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
enterprise risk management
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
15. Operational risk is...
16. Refine the innovation process management
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
create an environment conducive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
information inherited
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
17. Balanced scorecard (BSC)
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
18. Establishing accountability
quantitative risk analysis approach - damage cost per year * enter frequency
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
only known processes enabling
Observations / findings - risks - recommendation / report
19. Function point analysis
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
Encourages the identification of measures that answer the question 'How do customers see us?'
QA
20. ISO 31000
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
quantitative risk analysis approach - damage cost per year * enter frequency
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
enterprise risk management
21. Application controls vs. IT general controls
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
implementation - information security - assurance - Risk
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
22. Annual loss expectancy ALE
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
quantitative risk analysis approach - damage cost per year * enter frequency
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
VR level - integration and business strategy it - Chaired by a business executive / board member
23. Hierarchy of policies
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
Encourages the identification of a few relevant high-level financial measures. In Particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
policy - principles - statements
quantitative risk analysis approach - damage cost per year * enter frequency
24. Entity level controls
Benefits realization - risk optimization - resource optimization
Encourages the identification of measures that answer the question 'How do customers see us?'
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
Signature - statement - audit trail
25. Three different control categories?
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
Signature - statement - audit trail
26. Best practices in dealing with policies (not principles)
Scoping - formal enactment - clear requirements for exceptions - verification of compliance
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
Encourages the identification of a few relevant high-level financial measures. In Particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
27. Balanced scorecard - Learning and Growth
28. 5 focus areas of IT Governance
risk that the controls are inadequate
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
QA
29. benefit management (Profit organization realization)
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
Scoping - formal enactment - clear requirements for exceptions - verification of compliance
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
Encourages the identification of measures that answer the question 'How do customers see us?'
30. risk governance
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
risk and risk response evaluation
31. Balanced scorecard - Customer
32. Balanced scorecard - Financial
33. A widely used definition of operational risk is the one contained in the Basel II [1] regulations. This definition states that operational risk is the risk of loss resulting from ____________ - people and systems - or from external events.
Tests - Extensive testing
inadequate or failed internal processes
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmt: translate strategy into direction - and report performance measure - 32
plan-prepare-execute-track-report
34. 3 Governance Objectives
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
Benefits realization - risk optimization - resource optimization
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmt: translate strategy into direction - and report performance measure - 32
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
35. Control self assessment Self-assessment (kd) or a Control Self Assessment (CSA supervised self-assessment
Encourages the identification of a few relevant high-level financial measures. In Particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
To take the residual risk a company is willing risk
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
36. Risk analysis techniques
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
only known processes enabling
37. COBIT enabler guides
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
only known processes enabling
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
38. ISO 27000
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
information inherited
COBIT provides the means of risk management - Riskit provides the ends.
39. Return on security investment ROSI
enterprise risk management
Benefits realization - risk optimization - resource optimization
critical success factors
Saving the cost of damage (eg ALE) minus cost of mitigation
40. The report stage of a review
risk that the controls are inadequate
Scoping - formal enactment - clear requirements for exceptions - verification of compliance
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
Observations / findings - risks - recommendation / report
41. Detection risk
Trust Service Contracts
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
VR level - integration and business strategy it - Chaired by a business executive / board member
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
42. IT Governance and COBIT
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmt: translate strategy into direction - and report performance measure - 32
Scenarios set in a risk environment
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
43. Comprehensive audits
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
Tests - Extensive testing
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmt: translate strategy into direction - and report performance measure - 32
44. Key principle of BPM
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
Benefits realization - risk optimization - resource optimization
To take the residual risk a company is willing risk
processes are assets that create value for the customer
45. Derivation Cobit practices / control objectives
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
Saving the cost of damage (eg ALE) minus cost of mitigation
only known processes enabling
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
46. Risk appetite
Financial - Operational - Reputation
Signature - statement - audit trail
To take the residual risk a company is willing risk
inadequate or failed internal processes
47. Structure of the 32 COBIT processes mgmt.
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
pain points - improvement opportunities
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - service - Support (DS) - Monitor: Monitor - Evaluate - control (ME)
48. ISO 9000
QA
Observations / findings - risks - recommendation / report
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
49. Risk treatment process
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
50. Risk analysis methodology
Encourages the identification of measures that answer the question 'How do customers see us?'
plan-prepare-execute-track-report
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
Scenarios set in a risk environment