CGEIT: Certified In The Governance Of Enterprise It

Instructions:

• Answer 50 questions in 15 minutes.
• If you are not ready to take this test, you can study here.
• Match each statement with the correct term.
• Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Valit content framework
QA
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Manging program / projects
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
Scenarios set in a risk environment


2. Raci carts (RACI)
To take the residual risk a company is willing risk
unavoidable risk
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
pain points - improvment opportunities


3. Balanced scorecard - Financial

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


4. Establishing accountability
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
Saving the cost of damage (eg ALE) minus cost of mitigation


5. ISO 9000
plan: align - plan - Organize (PO) - build: build - Aquire - Implement (AI) - run: Deliver - servie - Support (DS) - Monitor: Monitor - Evaluate - control ME
processes are assets that create value for the customer
policy - principles - statements
QA


6. Detection risk
Encourages the identification of a few relevant high-level financial measures. In Particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
pain points - improvment opportunities
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
Preventive controls - detective controls - corrective controls (troubleshooting instructions)


7. IT Strategy Committee
VR level - integration and business strategy it - Chaired by a business executive / board member
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Manging program / projects
The identification of measures that answer the question 'What must we excel at?'


8. Types of assertions
Signature - statement - audit trail
QA
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Manging program / projects


9. IT Governance and COBIT
informations inherited
risk and risk response evaluation
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance mesure - 32
inherent risk - control risk: insufficient control system - detection risk: insufficient testing


10. ISO 9000
Encourages the identification of measures that answer the question 'How do customers see us?'
Financial - Operational - Reputation
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi


11. IT governance life cycle
create an environment conductive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
plan: align - plan - Organize (PO) - build: build - Aquire - Implement (AI) - run: Deliver - servie - Support (DS) - Monitor: Monitor - Evaluate - control ME
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
processes are assets that create value for the customer


12. Good starting points forIT Gov
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
pain points - improvment opportunities
Preventive controls - detective controls - corrective controls (troubleshooting instructions)


13. Operational risk is...

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


14. COBIT enabler guides
Encourages the identification of measures that answer the question 'How do customers see us?'
only known processes enabling
Financial - Operational - Reputation
risk and risk response evaluation


15. KPI
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
pain points - improvment opportunities
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener


16. Derivation Cobit practices / control objectives
processes are assets that create value for the customer
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
Observations / findings - risks - recommendation / report


17. Risk treatment process
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
The identification of measures that answer the question 'What must we excel at?'
plan: align - plan - Organize (PO) - build: build - Aquire - Implement (AI) - run: Deliver - servie - Support (DS) - Monitor: Monitor - Evaluate - control ME


18. Control risk
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
risk that the controls are inadequate
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance mesure - 32


19. Balanced scorecard - Customer

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


20. To address three types of risk in the ICS
Financial - Operational - Reputation
Signature - statement - audit trail
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits


21. Procedure for Governance Compliance Review
plan-prepare-execute-track-report
Encourages the identification of measures that answer the question? 'How can we continue to improve and create value. '
informations inherited
a risk Arising from execution of a company's business functions. It is a very broad concept Which Focuses on the risks you Arising from the people - systems and processes through Which a company operates. It therefore includes other categories examin


22. The 3 themes of the ICS economic / financial risk
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
executive tasks: prioritization - resource alloc - project tracking
operational risk (HR - Law - Nature - IT) - reputational risk
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .


23. Anual loss expectancy ALE
quantitative risk analysis approach - damage cost per year * enter frequency
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
unavoidable risk
plan: align - plan - Organize (PO) - build: build - Aquire - Implement (AI) - run: Deliver - servie - Support (DS) - Monitor: Monitor - Evaluate - control ME


24. The implementation phase of a (Gov. Compliance) Review
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
COBIT provides the means of risk management - Riskit provides the ends.
risk and risk response evaluation
inherent risk - control risk: insufficient control system - detection risk: insufficient testing


25. Escrow contracts
Encourages the identification of measures that answer the question 'How do customers see us?'
Trust Service Contracts
Scoping - formal enactment - clear Vogaben at exceptions - verification of compliance
Benefits realization - risk optimization - resource optimization


26. COBIT cascading goals
To take the residual risk a company is willing risk
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
Business goals with Gov. goals priorisiern - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals


27. Methods for continuous process improvement
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
Saving the cost of damage (eg ALE) minus cost of mitigation
processes are assets that create value for the customer


28. Return on security investment ROSI
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
informations inherited
risk that the controls are inadequate
Saving the cost of damage (eg ALE) minus cost of mitigation


29. IT Steering Committee
performance monitoring - to demostrate the effectivness if IT and communicate about it - Performance - risk and capabilities
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
executive tasks: prioritization - resource alloc - project tracking
Preventive controls - detective controls - corrective controls (troubleshooting instructions)


30. COBIT framework
To take the residual risk a company is willing risk
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
Saving the cost of damage (eg ALE) minus cost of mitigation
pain points - improvment opportunities


31. COBIT professional guides
critical success factors
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
implementation - information security - assurance - Risk
informations inherited


32. Inherent risk
unavoidable risk
executive tasks: prioritization - resource alloc - project tracking
Signature - statement - audit trail
enterprise risk management


33. Use of balanced scorecards
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
COBIT provides the means of risk management - Riskit provides the ends.
performance monitoring - to demostrate the effectivness if IT and communicate about it - Performance - risk and capabilities
QA


34. 3 Governance Objectives
Encourages the identification of measures that answer the question? 'How can we continue to improve and create value. '
Benefits realization - risk optimization - resource optimization
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
enterprise risk management


35. Riskit vs. COBIT
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
COBIT provides the means of risk management - Riskit provides the ends.
only known processes enabling
Saving the cost of damage (eg ALE) minus cost of mitigation


36. Audit risk consists of...
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
informations inherited
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
Tests - Extensive testing


37. Structure of the 32 COBIT processes mgmt.
stratecic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholer transparency
plan: align - plan - Organize (PO) - build: build - Aquire - Implement (AI) - run: Deliver - servie - Support (DS) - Monitor: Monitor - Evaluate - control ME
Encourages the identification of a few relevant high-level financial measures. In Particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
Saving the cost of damage (eg ALE) minus cost of mitigation


38. CSFs
Scoping - formal enactment - clear Vogaben at exceptions - verification of compliance
critical success factors
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going


39. Balanced scorecard - Learning and Growt

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


40. Risk analysis methodology
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
risk and risk response evaluation
Scenarios set in a risk environment
create an environment conductive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication


41. Comprehensive audits
Saving the cost of damage (eg ALE) minus cost of mitigation
Tests - Extensive testing
stratecic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholer transparency
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance mesure - 32


42. ISO 27000
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
The identification of measures that answer the question 'What must we excel at?'
informations inherited
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices


43. risk governance
risk and risk response evaluation
general: magmt change - security - operations control Application: do everything to do with app. pgm. has zb source management - authentication validation
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
Preventive controls - detective controls - corrective controls (troubleshooting instructions)


44. Key principle of BPM
processes are assets that create value for the customer
inadequate or failed internal processes
Signature - statement - audit trail
only known processes enabling


45. Three different control categories?
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
COBIT provides the means of risk management - Riskit provides the ends.
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o


46. Function point analysis
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
risk and risk response evaluation


47. Refine the innovation process management
create an environment conductive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
general: magmt change - security - operations control Application: do everything to do with app. pgm. has zb source management - authentication validation
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits


48. ISO 31000
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
enterprise risk management
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI


49. Balanced scorecard - Internal Business Processes

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


50. 5 focus area of IT Governance
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance mesure - 32
stratecic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholer transparency