Test your basic knowledge |
CGEIT: Certified In The Governance Of Enterprise It
Subjects: certifications, cgeit, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Balanced scorecard - Learning and Growth
2. Function point analysis
operational risk (HR - Law - Nature - IT) - reputational risk
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
QA
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
3. Risk analysis techniques
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
implementation - information security - assurance - Risk
Signature - statement - audit trail
Benefits realization - risk optimization - resource optimization
4. 5 focus area of IT Governance
Encourages the identification of measures that answer the question 'How do customers see us?'
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
only known processes enabling
executive tasks: prioritization - resource alloc - project tracking
5. The implementation phase of a (Gov. Compliance) Review
risk and risk response evaluation
executive tasks: prioritization - resource alloc - project tracking
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
6. application vs. controls. IT general controls
enterprise risk management
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
COBIT provides the means of risk management - Riskit provides the ends.
executive tasks: prioritization - resource alloc - project tracking
7. Annual loss expectancy ALE
quantitative risk analysis approach - damage cost per year * enter frequency
executive tasks: prioritization - resource alloc - project tracking
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
8. benefit management (Profit organization realization)
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
Benefits realization - risk optimization - resource optimization
risk and risk response evaluation
9. Three different control categories?
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
inadequate or failed internal processes
The residual risk a company is willing to take
10. The report stage of a review
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
Observations / findings - risks - recommendation / report
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance measure - 32
11. A widely used definition of operational risk is the one contained in the Basel II [1] regulations. This definition states that operational risk is the risk of loss resulting from ____________ - people and systems - or from external events.
The identification of measures that answer the question 'What must we excel at?'
critical success factors
Business goals with Gov. goals prioritize - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
inadequate or failed internal processes
12. Valit content framework
plan-prepare-execute-track-report
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
Scenarios set in a risk environment
13. Risk analysis methodology
Scenarios set in a risk environment
unavoidable risk
risk and risk response evaluation
Encourages the identification of a few relevant high-level financial measures. In particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
14. Structure of the 32 COBIT processes mgmt.
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
inadequate or failed internal processes
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
15. Control risk
risk that the controls are inadequate
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
Signature - statement - audit trail
inadequate or failed internal processes
16. Refine the innovation process management
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
Tests - Extensive testing
pain points - improvement opportunities
create an environment conducive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
17. IT governance life cycle
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
18. Return on security investment ROSI
Saving the cost of damage (eg ALE) minus cost of mitigation
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
risk and risk response evaluation
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
19. Control self assessment Self-assessment (kd) or a Control Self Assessment (CSA) supervised self-assessment
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
only known processes enabling
Saving the cost of damage (eg ALE) minus cost of mitigation
policy - principles - statements
20. Detection risk
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
unavoidable risk
Encourages the identification of measures that answer the question 'How do customers see us?'
VR level - integration and business strategy it - Chaired by a business executive / board member
21. Balanced scorecard (BSC)
pain points - improvement opportunities
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
22. ISO 27000
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
informations inherited
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
23. RACI charts (RACI)
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
Benefits realization - risk optimization - resource optimization
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
24. IT Governance and COBIT
plan-prepare-execute-track-report
Tests - Extensive testing
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance measure - 32
unavoidable risk
25. Methods for continuous process improvement
Business goals with Gov. goals prioritize - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
Saving the cost of damage (eg ALE) minus cost of mitigation
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
26. ISO 9000
QA
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
Signature - statement - audit trail
implementation - information security - assurance - Risk
27. 3 Governance Objectives
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
executive tasks: prioritization - resource alloc - project tracking
Benefits realization - risk optimization - resource optimization
28. Good starting points for IT Gov
pain points - improvement opportunities
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
quantitative risk analysis approach - damage cost per year * enter frequency
operational risk (HR - Law - Nature - IT) - reputational risk
29. Types of assertions
Signature - statement - audit trail
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
30. Escrow contracts
Financial - Operational - Reputation
Trust Service Contracts
VR level - integration and business strategy it - Chaired by a business executive / board member
informations inherited
31. IT Strategy Committee
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
enterprise risk management
VR level - integration and business strategy it - Chaired by a business executive / board member
critical success factors
32. Riskit vs. COBIT
only known processes enabling
The residual risk a company is willing to take
The identification of measures that answer the question 'What must we excel at?'
COBIT provides the means of risk management - Riskit provides the ends.
33. Procedure for Governance Compliance Review
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
critical success factors
unavoidable risk
plan-prepare-execute-track-report
34. Establishing accountability
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
executive tasks: prioritization - resource alloc - project tracking
Encourages the identification of a few relevant high-level financial measures. In particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
35. ISO 9000
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
quantitative risk analysis approach - damage cost per year * enter frequency
executive tasks: prioritization - resource alloc - project tracking
VR level - integration and business strategy it - Chaired by a business executive / board member
36. Key principle of BPM
critical success factors
processes are assets that create value for the customer
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
37. COBIT enabler guides
create an environment conducive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
enterprise risk management
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
only known processes enabling
38. Operational risk is...
39. Balanced scorecard - Internal Business Processes
40. Balanced scorecard - Financial
41. ISO 31000
Financial - Operational - Reputation
Saving the cost of damage (eg ALE) minus cost of mitigation
create an environment conducive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
enterprise risk management
42. Entity level controls
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
Trust Service Contracts
Scoping - formal enactment - clear requirements for exceptions - verification of compliance
plan-prepare-execute-track-report
43. Use of balanced scorecards
Saving the cost of damage (eg ALE) minus cost of mitigation
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
The residual risk a company is willing to take
44. Hierarchy of policies
Trust Service Contracts
policy - principles - statements
create an environment conducive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
informations inherited
45. Risk appetite
The residual risk a company is willing to take
risk that the controls are inadequate
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
46. Balanced scorecard - Customer
47. risk governance
Observations / findings - risks - recommendation / report
risk and risk response evaluation
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
only known processes enabling
48. Audit risk consists of...
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
critical success factors
informations inherited
The residual risk a company is willing to take
49. Comprehensive audits
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
enterprise risk management
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
Tests - Extensive testing
50. Risk treatment process
Benefits realization - risk optimization - resource optimization
pain points - improvement opportunities
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
risk that the controls are inadequate