Test your basic knowledge | CGEIT: Certified In The Governance Of Enterprise IT
Subjects: certifications, cgeit, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Risk analysis techniques
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
To take the residual risk a company is willing risk
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
2. Best practices in dealing with policies (not principles)
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
Trust Service Contracts
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
3. Establishing accountability
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
inadequate or failed internal processes
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
4. Refine the innovation process management
VR level - integration and business strategy it - Chaired by a business executive / board member
create an environment conducive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
Signature - statement - audit trail
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
5. Benefit management (Profit organization realization)
risk and risk response evaluation
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
Trust Service Contracts
VR level - integration and business strategy it - Chaired by a business executive / board member
6. Hierarchy of policies
policy - principles - statements
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
only known processes enabling
risk that the controls are inadequate
7. CSFs
processes are assets that create value for the customer
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
critical success factors
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
8. Derivation Cobit practices / control objectives
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
unavoidable risk
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
9. Operational risk is...
10. COBIT enabler guides
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
only known processes enabling
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
11. Control risk
pain points - improvement opportunities
risk that the controls are inadequate
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
QA
12. Annual loss expectancy (ALE)
only known processes enabling
COBIT provides the means of risk management - Risk IT provides the ends.
quantitative risk analysis approach - damage cost per year * enter frequency
Financial - Operational - Reputation
13. COBIT cascading goals
Business goals with Gov. goals prioritize - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
unavoidable risk
14. Risk treatment process
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
Scenarios set in a risk environment
processes are assets that create value for the customer
15. IT Strategy Committee
quantitative risk analysis approach - damage cost per year * enter frequency
Signature - statement - audit trail
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
VR level - integration and business strategy it - Chaired by a business executive / board member
16. Three different control categories?
inadequate or failed internal processes
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
17. Application controls vs. IT general controls
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
critical success factors
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
18. 5 focus area of IT Governance
The identification of measures that answer the question 'What must we excel at?'
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
COBIT provides the means of risk management - Risk IT provides the ends.
19. Risk IT vs. COBIT
Tests - Extensive testing
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
Observations / findings - risks - recommendation / report
COBIT provides the means of risk management - Risk IT provides the ends.
20. Balanced scorecard - Learning and Growth
21. KPI
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
informations inherited
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
The identification of measures that answer the question 'What must we excel at?'
22. ISO 9000
Trust Service Contracts
Scenarios set in a risk environment
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
23. Balanced scorecard - Customer
24. COBIT framework
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
inadequate or failed internal processes
Scenarios set in a risk environment
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
25. Function point analysis
unavoidable risk
operational risk (HR - Law - Nature - IT) - reputational risk
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
26. Use of balanced scorecards
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
operational risk (HR - Law - Nature - IT) - reputational risk
Benefits realization - risk optimization - resource optimization
27. ISO 27000
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
informations inherited
pain points - improvement opportunities
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
28. The implementation phase of a (Gov. Compliance) Review
inadequate or failed internal processes
create an environment conducive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
29. Detection risk
Tests - Extensive testing
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
30. Return on security investment ROSI
Saving the cost of damage (eg ALE) minus cost of mitigation
Benefits realization - risk optimization - resource optimization
unavoidable risk
Tests - Extensive testing
31. Audit risk consists of...
QA
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
VR level - integration and business strategy it - Chaired by a business executive / board member
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - service - Support (DS) - Monitor: Monitor - Evaluate - control ME
32. ISO 9000
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
QA
executive tasks: prioritization - resource alloc - project tracking
33. Methods for continuous process improvement
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
unavoidable risk
Observations / findings - risks - recommendation / report
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
34. Good starting points for IT Gov
Saving the cost of damage (eg ALE) minus cost of mitigation
pain points - improvement opportunities
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
Benefits realization - risk optimization - resource optimization
35. Entity level controls
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
critical success factors
36. Types of assertions
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
Signature - statement - audit trail
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
37. Risk appetite
To take the residual risk a company is willing risk
implementation - information security - assurance - Risk
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
38. Key principle of BPM
enterprise risk management
processes are assets that create value for the customer
Financial - Operational - Reputation
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
39. Procedure for Governance Compliance Review
Signature - statement - audit trail
plan-prepare-execute-track-report
pain points - improvement opportunities
policy - principles - statements
40. RACI charts (RACI)
only known processes enabling
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
unavoidable risk
Signature - statement - audit trail
41. Balanced scorecard - Internal Business Processes
42. Balanced scorecard - Financial
43. IT Governance and COBIT
policy - principles - statements
The identification of measures that answer the question 'What must we excel at?'
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance measure - 32
44. COBIT professional guides
implementation - information security - assurance - Risk
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
informations inherited
quantitative risk analysis approach - damage cost per year * enter frequency
45. To address three types of risk in the ICS
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
Financial - Operational - Reputation
Saving the cost of damage (eg ALE) minus cost of mitigation
46. Value management
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
Saving the cost of damage (eg ALE) minus cost of mitigation
executive tasks: prioritization - resource alloc - project tracking
The identification of measures that answer the question 'What must we excel at?'
47. IT governance life cycle
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
QA
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
risk that the controls are inadequate
48. Val IT content framework
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
implementation - information security - assurance - Risk
49. Inherent risk
unavoidable risk
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance measure - 32
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
50. IT Steering Committee
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
executive tasks: prioritization - resource alloc - project tracking
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee