SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CGEIT: Certified In The Governance Of Enterprise It
Start Test
Study First
Subjects
:
certifications
,
cgeit
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. IT Strategy Committee
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
VR level - integration and business strategy it - Chaired by a business executive / board member
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
create an environment conductive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
2. COBIT enabler guides
general: magmt change - security - operations control Application: do everything to do with app. pgm. has zb source management - authentication validation
executive tasks: prioritization - resource alloc - project tracking
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
only known processes enabling
3. Risk appetite
To take the residual risk a company is willing risk
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
performance monitoring - to demostrate the effectivness if IT and communicate about it - Performance - risk and capabilities
informations inherited
4. A widely used definition of operational risk is the one contained in the Basel II [1] regulations. This definition states that operational risk is the risk of loss resulting from ____________ - people and systems - or from external events.
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
inadequate or failed internal processes
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
5. Value management
pain points - improvment opportunities
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
enterprise risk management
general: magmt change - security - operations control Application: do everything to do with app. pgm. has zb source management - authentication validation
6. Best practices in dealing with policies Policies (not principles)
Scenarios set in a risk environment
Trust Service Contracts
Scoping - formal enactment - clear Vogaben at exceptions - verification of compliance
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
7. CSFs
policy - principles - statements
critical success factors
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
only known processes enabling
8. 5 focus area of IT Governance
implementation - information security - assurance - Risk
stratecic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholer transparency
The identification of measures that answer the question 'What must we excel at?'
Business goals with Gov. goals priorisiern - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
9. Inherent risk
QA
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
unavoidable risk
VR level - integration and business strategy it - Chaired by a business executive / board member
10. application vs. controls. IT general controls
Financial - Operational - Reputation
general: magmt change - security - operations control Application: do everything to do with app. pgm. has zb source management - authentication validation
Scenarios set in a risk environment
implementation - information security - assurance - Risk
11. Detection risk
quantitative risk analysis approach - damage cost per year * enter frequency
general: magmt change - security - operations control Application: do everything to do with app. pgm. has zb source management - authentication validation
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance mesure - 32
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
12. 3 Governance Objectives
Benefits realization - risk optimization - resource optimization
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
Tests - Extensive testing
policy - principles - statements
13. Balanced scorecard (BSC)
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
performance monitoring - to demostrate the effectivness if IT and communicate about it - Performance - risk and capabilities
stratecic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholer transparency
14. Procedure for Governance Compliance Review
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
Trust Service Contracts
plan-prepare-execute-track-report
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
15. Hierarchy of policies
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Manging program / projects
policy - principles - statements
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
Tests - Extensive testing
16. Balanced scorecard - Learning and Growt
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
17. Return on security investment ROSI
executive tasks: prioritization - resource alloc - project tracking
Saving the cost of damage (eg ALE) minus cost of mitigation
plan: align - plan - Organize (PO) - build: build - Aquire - Implement (AI) - run: Deliver - servie - Support (DS) - Monitor: Monitor - Evaluate - control ME
Scenarios set in a risk environment
18. Control self assessment Self-assessment (kd) or a Control Self Assessment (CSA supervised self-assessment
risk that the controls are inadequate
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
19. Risk analysis methodology
Scenarios set in a risk environment
inadequate or failed internal processes
processes are assets that create value for the customer
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
20. ISO 27000
risk that the controls are inadequate
informations inherited
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance mesure - 32
implementation - information security - assurance - Risk
21. Use of balanced scorecards
operational risk (HR - Law - Nature - IT) - reputational risk
performance monitoring - to demostrate the effectivness if IT and communicate about it - Performance - risk and capabilities
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
informations inherited
22. Comprehensive audits
critical success factors
Tests - Extensive testing
general: magmt change - security - operations control Application: do everything to do with app. pgm. has zb source management - authentication validation
stratecic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholer transparency
23. Audit risk consists of...
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
Signature - statement - audit trail
processes are assets that create value for the customer
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
24. Establishing accountability
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
create an environment conductive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
Benefits realization - risk optimization - resource optimization
25. Good starting points forIT Gov
pain points - improvment opportunities
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
26. Riskit vs. COBIT
COBIT provides the means of risk management - Riskit provides the ends.
The identification of measures that answer the question 'What must we excel at?'
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Manging program / projects
performance monitoring - to demostrate the effectivness if IT and communicate about it - Performance - risk and capabilities
27. Derivation Cobit practices / control objectives
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
policy - principles - statements
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
28. Anual loss expectancy ALE
quantitative risk analysis approach - damage cost per year * enter frequency
To take the residual risk a company is willing risk
risk and risk response evaluation
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
29. ISO 9000
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
policy - principles - statements
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
plan: align - plan - Organize (PO) - build: build - Aquire - Implement (AI) - run: Deliver - servie - Support (DS) - Monitor: Monitor - Evaluate - control ME
30. COBIT framework
QA
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
operational risk (HR - Law - Nature - IT) - reputational risk
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
31. Risk treatment process
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance mesure - 32
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
To take the residual risk a company is willing risk
stratecic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholer transparency
32. ISO 9000
QA
enterprise risk management
COBIT provides the means of risk management - Riskit provides the ends.
Benefits realization - risk optimization - resource optimization
33. Methods for continuous process improvement
policy - principles - statements
QA
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
Benefits realization - risk optimization - resource optimization
34. Control risk
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
risk that the controls are inadequate
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
35. The implementation phase of a (Gov. Compliance) Review
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
Scoping - formal enactment - clear Vogaben at exceptions - verification of compliance
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
36. To address three types of risk in the ICS
enterprise risk management
Financial - Operational - Reputation
implementation - information security - assurance - Risk
a risk Arising from execution of a company's business functions. It is a very broad concept Which Focuses on the risks you Arising from the people - systems and processes through Which a company operates. It therefore includes other categories examin
37. benefit management (Profit organization realization)
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
Signature - statement - audit trail
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
38. Raci carts (RACI)
The identification of measures that answer the question 'What must we excel at?'
plan-prepare-execute-track-report
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
39. Risk analysis techniques
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
performance monitoring - to demostrate the effectivness if IT and communicate about it - Performance - risk and capabilities
40. Valit content framework
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Manging program / projects
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
41. Entity level controls
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
plan: align - plan - Organize (PO) - build: build - Aquire - Implement (AI) - run: Deliver - servie - Support (DS) - Monitor: Monitor - Evaluate - control ME
42. Refine the innovation process management
informations inherited
create an environment conductive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
Encourages the identification of measures that answer the question 'How do customers see us?'
enterprise risk management
43. COBIT professional guides
implementation - information security - assurance - Risk
Benefits realization - risk optimization - resource optimization
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
44. COBIT cascading goals
stratecic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholer transparency
QA
Business goals with Gov. goals priorisiern - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
Benefits realization - risk optimization - resource optimization
45. Structure of the 32 COBIT processes mgmt.
create an environment conductive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
Benefits realization - risk optimization - resource optimization
plan: align - plan - Organize (PO) - build: build - Aquire - Implement (AI) - run: Deliver - servie - Support (DS) - Monitor: Monitor - Evaluate - control ME
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
46. risk governance
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
risk and risk response evaluation
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
47. Balanced scorecard - Customer
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
48. Escrow contracts
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
Encourages the identification of measures that answer the question 'How do customers see us?'
Trust Service Contracts
executive tasks: prioritization - resource alloc - project tracking
49. Three different control categories?
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
operational risk (HR - Law - Nature - IT) - reputational risk
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
50. ISO 31000
stratecic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholer transparency
only known processes enabling
enterprise risk management
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
