Test your basic knowledge | CGEIT: Certified In The Governance Of Enterprise IT
Subjects: certifications, cgeit, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. COBIT framework
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
inadequate or failed internal processes
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
Observations / findings - risks - recommendation / report
2. Return on security investment ROSI
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
Encourages the identification of a few relevant high-level financial measures. In Particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
Saving the cost of damage (eg ALE) minus cost of mitigation
3. Function point analysis
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
Trust Service Contracts
policy - principles - statements
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
4. Riskit vs. COBIT
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
inadequate or failed internal processes
COBIT provides the means of risk management - Riskit provides the ends.
create an environment conducive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
5. Balanced scorecard (BSC)
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
risk and risk response evaluation
Encourages the identification of a few relevant high-level financial measures. In Particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
6. IT Steering Committee
Tests - Extensive testing
executive tasks: prioritization - resource alloc - project tracking
implementation - information security - assurance - Risk
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
7. Types of assertions
quantitative risk analysis approach - damage cost per year * enter frequency
Signature - statement - audit trail
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
8. Procedure for Governance Compliance Review
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
plan-prepare-execute-track-report
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
9. RACI charts (RACI)
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance measure - 32
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
10. Use of balanced scorecards
quantitative risk analysis approach - damage cost per year * enter frequency
Benefits realization - risk optimization - resource optimization
a risk Arising from execution of a company's business functions. It is a very broad concept Which Focuses on the risks you Arising from the people - systems and processes through Which a company operates. It therefore includes other categories examin
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
11. Comprehensive audits
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
Tests - Extensive testing
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
12. The implementation phase of a (Gov. Compliance) Review
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
informations inherited
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
Observations / findings - risks - recommendation / report
13. COBIT enabler guides
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance measure - 32
Financial - Operational - Reputation
only known processes enabling
implementation - information security - assurance - Risk
14. Three different control categories?
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
QA
informations inherited
critical success factors
15. The 3 themes of the ICS economic / financial risk
Tests - Extensive testing
risk that the controls are inadequate
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has zb source management - authentication validation
operational risk (HR - Law - Nature - IT) - reputational risk
16. Annual loss expectancy ALE
Observations / findings - risks - recommendation / report
policy - principles - statements
quantitative risk analysis approach - damage cost per year * enter frequency
Financial - Operational - Reputation
17. Application controls vs. IT general controls
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has zb source management - authentication validation
Encourages the identification of a few relevant high-level financial measures. In Particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
plan-prepare-execute-track-report
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
18. ISO 27000
informations inherited
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has zb source management - authentication validation
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
19. Value management
create an environment conducive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
quantitative risk analysis approach - damage cost per year * enter frequency
20. Control risk
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
quantitative risk analysis approach - damage cost per year * enter frequency
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
risk that the controls are inadequate
21. Good starting points for IT Gov
plan-prepare-execute-track-report
pain points - improvement opportunities
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance measure - 32
risk that the controls are inadequate
22. Audit risk consists of...
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
VR level - integration and business strategy it - Chaired by a business executive / board member
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
23. benefit management (Profit organization realization)
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
24. 3 Governance Objectives
only known processes enabling
operational risk (HR - Law - Nature - IT) - reputational risk
Benefits realization - risk optimization - resource optimization
The identification of measures that answer the question 'What must we excel at?'
25. Escrow contracts
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
Trust Service Contracts
Financial - Operational - Reputation
26. Key principle of BPM
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
processes are assets that create value for the customer
Encourages the identification of a few relevant high-level financial measures. In Particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has zb source management - authentication validation
27. Balanced scorecard - Customer
28. Entity level controls
Benefits realization - risk optimization - resource optimization
processes are assets that create value for the customer
QA
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
29. IT Strategy Committee
Financial - Operational - Reputation
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
VR level - integration and business strategy it - Chaired by a business executive / board member
enterprise risk management
30. The report stage of a review
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
Signature - statement - audit trail
Observations / findings - risks - recommendation / report
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
31. risk governance
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
risk and risk response evaluation
implementation - information security - assurance - Risk
32. Balanced scorecard - Financial
33. A widely used definition of operational risk is the one contained in the Basel II [1] regulations. This definition states that operational risk is the risk of loss resulting from ____________ - people and systems - or from external events.
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
inadequate or failed internal processes
Trust Service Contracts
operational risk (HR - Law - Nature - IT) - reputational risk
34. Risk appetite
Financial - Operational - Reputation
To take the residual risk a company is willing risk
implementation - information security - assurance - Risk
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
35. Methods for continuous process improvement
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
Encourages the identification of measures that answer the question 'How do customers see us?'
executive tasks: prioritization - resource alloc - project tracking
36. Balanced scorecard - Internal Business Processes
37. Risk analysis techniques
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
quantitative risk analysis approach - damage cost per year * enter frequency
Encourages the identification of measures that answer the question 'How do customers see us?'
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
38. KPI
quantitative risk analysis approach - damage cost per year * enter frequency
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
VR level - integration and business strategy it - Chaired by a business executive / board member
39. 5 focus areas of IT Governance
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - service - Support (DS) - Monitor: Monitor - Evaluate - control ME
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
40. IT Governance and COBIT
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance measure - 32
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
executive tasks: prioritization - resource alloc - project tracking
41. Risk analysis methodology
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
processes are assets that create value for the customer
Scenarios set in a risk environment
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
42. ISO 9000
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
43. Establishing accountability
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
informations inherited
To take the residual risk a company is willing risk
44. Refine the innovation process management
COBIT provides the means of risk management - Riskit provides the ends.
create an environment conducive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
inadequate or failed internal processes
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
45. IT governance life cycle
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
Encourages the identification of measures that answer the question 'How do customers see us?'
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
46. Structure of the 32 COBIT processes mgmt.
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - service - Support (DS) - Monitor: Monitor - Evaluate - control ME
operational risk (HR - Law - Nature - IT) - reputational risk
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
47. Hierarchy of policies
policy - principles - statements
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - service - Support (DS) - Monitor: Monitor - Evaluate - control ME
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
48. Balanced scorecard - Learning and Growth
49. Derivation Cobit practices / control objectives
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
unavoidable risk
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
Benefits realization - risk optimization - resource optimization
50. ISO 31000
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
COBIT provides the means of risk management - Riskit provides the ends.
only known processes enabling
enterprise risk management