Test your basic knowledge |
CGEIT: Certified In The Governance Of Enterprise It
Subjects: certifications, cgeit, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Inherent risk
risk and risk response evaluation
Encourages the identification of measures that answer the question 'How do customers see us?'
risk that the controls are inadequate
unavoidable risk
2. Control self assessment Self-assessment (kd) or a Control Self Assessment (CSA supervised self-assessment
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
implementation - information security - assurance - Risk
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
3. Risk analysis techniques
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
4. ISO 31000
Scenarios set in a risk environment
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
enterprise risk management
inadequate or failed internal processes
5. Control risk
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
risk that the controls are inadequate
6. Derivation Cobit practices / control objectives
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
7. Three different control categories?
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
Tests - Extensive testing
8. IT Strategy Committee
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
implementation - information security - assurance - Risk
VR level - integration and business strategy it - Chaired by a business executive / board member
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
9. Balanced scorecard - Learning and Growth
10. Best practices in dealing with policies Policies (not principles)
Scoping - formal enactment - clear requirements for exceptions - verification of compliance
Financial - Operational - Reputation
quantitative risk analysis approach - damage cost per year * enter frequency
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
11. IT Steering Committee
executive tasks: prioritization - resource alloc - project tracking
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
The identification of measures that answer the question 'What must we excel at?'
informations inherited
12. Types of assertions
informations inherited
Signature - statement - audit trail
policy - principles - statements
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
13. Hierarchy of policies
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
informations inherited
COBIT provides the means of risk management - Riskit provides the ends.
policy - principles - statements
14. Establishing accountability
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
Saving the cost of damage (eg ALE) minus cost of mitigation
15. risk governance
risk and risk response evaluation
enterprise risk management
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
16. Detection risk
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
Scoping - formal enactment - clear requirements for exceptions - verification of compliance
17. Entity level controls
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
risk that the controls are inadequate
risk and risk response evaluation
18. Balanced scorecard - Internal Business Processes
19. Refine the innovation process management
critical success factors
create an environment conducive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
20. IT Governance and COBIT
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance mesure - 32
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
21. Valit content framework
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
QA
22. Balanced scorecard - Customer
23. Risk analysis methodology
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
Scenarios set in a risk environment
Benefits realization - risk optimization - resource optimization
Trust Service Contracts
24. ISO 9000
QA
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
risk and risk response evaluation
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
25. COBIT framework
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
Financial - Operational - Reputation
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
26. 3 Governance Objectives
enterprise risk management
inadequate or failed internal processes
Benefits realization - risk optimization - resource optimization
create an environment conducive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
27. Structure of the 32 COBIT processes mgmt.
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
Financial - Operational - Reputation
risk and risk response evaluation
28. The implementation phase of a (Gov. Compliance) Review
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
critical success factors
quantitative risk analysis approach - damage cost per year * enter frequency
29. Procedure for Governance Compliance Review
inadequate or failed internal processes
VR level - integration and business strategy it - Chaired by a business executive / board member
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
plan-prepare-execute-track-report
30. Riskit vs. COBIT
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
Saving the cost of damage (eg ALE) minus cost of mitigation
COBIT provides the means of risk management - Riskit provides the ends.
31. Return on security investment ROSI
implementation - information security - assurance - Risk
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
risk and risk response evaluation
Saving the cost of damage (eg ALE) minus cost of mitigation
32. KPI
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
risk that the controls are inadequate
33. 5 focus area of IT Governance
policy - principles - statements
Scenarios set in a risk environment
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
plan-prepare-execute-track-report
34. Risk appetite
Saving the cost of damage (eg ALE) minus cost of mitigation
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
The residual risk a company is willing to take
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
35. The 3 themes of the ICS economic / financial risk
quantitative risk analysis approach - damage cost per year * enter frequency
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
risk that the controls are inadequate
operational risk (HR - Law - Nature - IT) - reputational risk
36. A widely used definition of operational risk is the one contained in the Basel II [1] regulations. This definition states that operational risk is the risk of loss resulting from ____________ - people and systems - or from external events.
inadequate or failed internal processes
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
QA
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
37. Use of balanced scorecards
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
Tests - Extensive testing
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
38. The report stage of a review
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
Observations / findings - risks - recommendation / report
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
QA
39. Key principle of BPM
Trust Service Contracts
VR level - integration and business strategy it - Chaired by a business executive / board member
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
processes are assets that create value for the customer
40. ISO 27000
implementation - information security - assurance - Risk
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
informations inherited
41. Audit risk consists of...
inadequate or failed internal processes
Financial - Operational - Reputation
only known processes enabling
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
42. Value management
VR level - integration and business strategy it - Chaired by a business executive / board member
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
unavoidable risk
43. To address three types of risk in the ICS
COBIT provides the means of risk management - Riskit provides the ends.
Financial - Operational - Reputation
The residual risk a company is willing to take
Benefits realization - risk optimization - resource optimization
44. Balanced scorecard - Financial
45. Methods for continuous process improvement
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
only known processes enabling
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
46. Balanced scorecard (BSC)
critical success factors
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
risk and risk response evaluation
The residual risk a company is willing to take
47. ISO 9000
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
COBIT provides the means of risk management - Riskit provides the ends.
48. COBIT enabler guides
executive tasks: prioritization - resource alloc - project tracking
VR level - integration and business strategy it - Chaired by a business executive / board member
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
only known processes enabling
49. CSFs
executive tasks: prioritization - resource alloc - project tracking
only known processes enabling
critical success factors
VR level - integration and business strategy it - Chaired by a business executive / board member
50. Operational risk is...