Test your basic knowledge |
CGEIT: Certified in the Governance of Enterprise IT
Subjects: certifications, cgeit, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Control risk
operational risk (HR - Law - Nature - IT) - reputational risk
risk that the controls are inadequate
create an environment conducive to innovation - maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - IT gov: provide direction - evaluate performance - IT mgmt: translate strategy into direction - and report performance measure - 32
2. Detection risk
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
QA
3. Escrow contracts
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
unavoidable risk
Trust Service Contracts
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
4. Refine the innovation process management
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
The residual risk a company is willing to take
pain points - improvement opportunities
create an environment conducive to innovation - maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
5. Audit risk consists of...
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
Scenarios set in a risk environment
unavoidable risk
Encourages the identification of measures that answer the question 'How do customers see us?'
6. 5 focus area of IT Governance
unavoidable risk
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
establish strategic alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
Trust Service Contracts
7. ISO 27000
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
informations inherited
General: change mgmt - security - operations control. Application: everything to do with the app. pgm., e.g. source management - authentication validation
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
8. Balanced scorecard - Financial
9. Risk analysis techniques
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
inadequate or failed internal processes
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
10. IT Steering Committee
create an environment conducive to innovation - maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
QA
executive tasks: prioritization - resource alloc - project tracking
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
11. KPI
only known processes enabling
unavoidable risk
extract optimal value from IT investments - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
12. The report stage of a review
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
inadequate or failed internal processes
risk that the controls are inadequate
Observations / findings - risks - recommendation / report
13. Risk analysis methodology
Encourages the identification of a few relevant high-level financial measures. In particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
Scenarios set in a risk environment
14. Risk appetite
The residual risk a company is willing to take
risk and risk response evaluation
The identification of measures that answer the question 'What must we excel at?'
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
15. CSFs
executive tasks: prioritization - resource alloc - project tracking
inadequate or failed internal processes
critical success factors
Scenarios set in a risk environment
16. Procedure for Governance Compliance Review
plan-prepare-execute-track-report
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
17. Comprehensive audits
critical success factors
executive tasks: prioritization - resource alloc - project tracking
Scenarios set in a risk environment
Tests - Extensive testing
18. risk governance
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
risk and risk response evaluation
unavoidable risk
19. COBIT enabler guides
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
only known processes enabling
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
20. Structure of the 32 COBIT processes mgmt.
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
Signature - statement - audit trail
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
21. Good starting points for IT Gov
pain points - improvement opportunities
VR level - integration and business strategy it - Chaired by a business executive / board member
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
establish strategic alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
22. Three different control categories?
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - IT gov: provide direction - evaluate performance - IT mgmt: translate strategy into direction - and report performance measure - 32
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
risk that the controls are inadequate
23. COBIT framework
COBIT provides the means of risk management - Risk IT provides the ends.
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
24. COBIT cascading goals
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
Trust Service Contracts
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
25. Risk treatment process
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
plan-prepare-execute-track-report
The residual risk a company is willing to take
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
26. Balanced scorecard - Customer
27. RACI charts (RACI)
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
The identification of measures that answer the question 'What must we excel at?'
28. Value management
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
General: change mgmt - security - operations control. Application: everything to do with the app. pgm., e.g. source management - authentication validation
29. ISO 31000
operational risk (HR - Law - Nature - IT) - reputational risk
QA
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
enterprise risk management
30. 3 Governance Objectives
VR level - integration and business strategy it - Chaired by a business executive / board member
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
Benefits realization - risk optimization - resource optimization
31. Use of balanced scorecards
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
32. Function point analysis
Scenarios set in a risk environment
critical success factors
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
33. COBIT professional guides
QA
Scoping - formal enactment - clear requirements for exceptions - verification of compliance
The residual risk a company is willing to take
implementation - information security - assurance - Risk
34. Key principle of BPM
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
VR level - integration and business strategy it - Chaired by a business executive / board member
processes are assets that create value for the customer
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
35. Balanced scorecard - Internal Business Processes
36. Hierarchy of policies
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
General: change mgmt - security - operations control. Application: everything to do with the app. pgm., e.g. source management - authentication validation
policy - principles - statements
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
37. To address three types of risk in the ICS
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
Financial - Operational - Reputation
pain points - improvement opportunities
The residual risk a company is willing to take
38. ISO 9000
QA
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
Observations / findings - risks - recommendation / report
risk that the controls are inadequate
39. Entity level controls
create an environment conducive to innovation - maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
Encourages the identification of a few relevant high-level financial measures. In particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
Observations / findings - risks - recommendation / report
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
40. Inherent risk
inadequate or failed internal processes
unavoidable risk
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
VR level - integration and business strategy it - Chaired by a business executive / board member
41. ISO 9000
informations inherited
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
unavoidable risk
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
42. Balanced scorecard - Learning and Growth
43. Establishing accountability
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
Tests - Extensive testing
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
44. Operational risk is...
45. IT Governance and COBIT
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - IT gov: provide direction - evaluate performance - IT mgmt: translate strategy into direction - and report performance measure - 32
Observations / findings - risks - recommendation / report
46. Risk IT vs. COBIT
COBIT provides the means of risk management - Risk IT provides the ends.
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - IT gov: provide direction - evaluate performance - IT mgmt: translate strategy into direction - and report performance measure - 32
pain points - improvement opportunities
Encourages the identification of measures that answer the question 'How do customers see us?'
47. Return on security investment ROSI
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
Saving the cost of damage (e.g. ALE) minus cost of mitigation
implementation - information security - assurance - Risk
48. Application controls vs. IT general controls
VR level - integration and business strategy it - Chaired by a business executive / board member
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - IT gov: provide direction - evaluate performance - IT mgmt: translate strategy into direction - and report performance measure - 32
The residual risk a company is willing to take
General: change mgmt - security - operations control. Application: everything to do with the app. pgm., e.g. source management - authentication validation
49. Val IT content framework
Tests - Extensive testing
extract optimal value from IT investments - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
QA
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - IT gov: provide direction - evaluate performance - IT mgmt: translate strategy into direction - and report performance measure - 32
50. IT governance life cycle
operational risk (HR - Law - Nature - IT) - reputational risk
implementation - information security - assurance - Risk
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
General: change mgmt - security - operations control. Application: everything to do with the app. pgm., e.g. source management - authentication validation