SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CGEIT: Certified In The Governance Of Enterprise It
Start Test
Study First
Subjects
:
certifications
,
cgeit
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Methods for continuous process improvement
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
Saving the cost of damage (eg ALE) minus cost of mitigation
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
2. Key principle of BPM
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
processes are assets that create value for the customer
3. The 3 themes of the ICS economic / financial risk
Benefits realization - risk optimization - resource optimization
operational risk (HR - Law - Nature - IT) - reputational risk
Tests - Extensive testing
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
4. Three different control categories?
Business goals with Gov. goals priorisiern - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
informations inherited
5. risk governance
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
Encourages the identification of a few relevant high-level financial measures. In Particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
risk and risk response evaluation
create an environment conductive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
6. KPI
Encourages the identification of a few relevant high-level financial measures. In Particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
Saving the cost of damage (eg ALE) minus cost of mitigation
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
7. Risk appetite
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
Observations / findings - risks - recommendation / report
COBIT provides the means of risk management - Riskit provides the ends.
To take the residual risk a company is willing risk
8. Function point analysis
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance mesure - 32
Scenarios set in a risk environment
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
9. Balanced scorecard (BSC)
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
risk and risk response evaluation
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
10. Comprehensive audits
Tests - Extensive testing
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
only known processes enabling
Trust Service Contracts
11. Establishing accountability
QA
Financial - Operational - Reputation
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
12. Balanced scorecard - Internal Business Processes
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
13. Operational risk is...
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
14. Refine the innovation process management
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
create an environment conductive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
inadequate or failed internal processes
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
15. Inherent risk
unavoidable risk
enterprise risk management
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
The identification of measures that answer the question 'What must we excel at?'
16. IT Steering Committee
executive tasks: prioritization - resource alloc - project tracking
Saving the cost of damage (eg ALE) minus cost of mitigation
pain points - improvment opportunities
quantitative risk analysis approach - damage cost per year * enter frequency
17. Derivation Cobit practices / control objectives
risk that the controls are inadequate
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
18. Control risk
operational risk (HR - Law - Nature - IT) - reputational risk
risk that the controls are inadequate
inadequate or failed internal processes
Scenarios set in a risk environment
19. Balanced scorecard - Learning and Growt
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
20. Escrow contracts
Saving the cost of damage (eg ALE) minus cost of mitigation
Trust Service Contracts
processes are assets that create value for the customer
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
21. Anual loss expectancy ALE
quantitative risk analysis approach - damage cost per year * enter frequency
Business goals with Gov. goals priorisiern - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
22. Audit risk consists of...
Encourages the identification of a few relevant high-level financial measures. In Particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
Business goals with Gov. goals priorisiern - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
critical success factors
23. Value management
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
implementation - information security - assurance - Risk
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
24. Use of balanced scorecards
only known processes enabling
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
performance monitoring - to demostrate the effectivness if IT and communicate about it - Performance - risk and capabilities
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
25. A widely used definition of operational risk is the one contained in the Basel II [1] regulations. This definition states that operational risk is the risk of loss resulting from ____________ - people and systems - or from external events.
performance monitoring - to demostrate the effectivness if IT and communicate about it - Performance - risk and capabilities
inadequate or failed internal processes
plan-prepare-execute-track-report
Scoping - formal enactment - clear Vogaben at exceptions - verification of compliance
26. Entity level controls
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
Trust Service Contracts
risk and risk response evaluation
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
27. ISO 9000
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
QA
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
28. Types of assertions
Scoping - formal enactment - clear Vogaben at exceptions - verification of compliance
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
Signature - statement - audit trail
29. To address three types of risk in the ICS
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
Financial - Operational - Reputation
informations inherited
Signature - statement - audit trail
30. Risk treatment process
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
Tests - Extensive testing
unavoidable risk
Encourages the identification of a few relevant high-level financial measures. In Particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
31. Best practices in dealing with policies Policies (not principles)
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
only known processes enabling
Scoping - formal enactment - clear Vogaben at exceptions - verification of compliance
32. Hierarchy of policies
implementation - information security - assurance - Risk
Encourages the identification of measures that answer the question 'How do customers see us?'
policy - principles - statements
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
33. Balanced scorecard - Financial
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
34. benefit management (Profit organization realization)
inadequate or failed internal processes
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
To take the residual risk a company is willing risk
enterprise risk management
35. Risk analysis techniques
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
Scoping - formal enactment - clear Vogaben at exceptions - verification of compliance
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
36. IT Governance and COBIT
The identification of measures that answer the question 'What must we excel at?'
executive tasks: prioritization - resource alloc - project tracking
performance monitoring - to demostrate the effectivness if IT and communicate about it - Performance - risk and capabilities
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance mesure - 32
37. 3 Governance Objectives
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
Benefits realization - risk optimization - resource optimization
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance mesure - 32
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
38. 5 focus area of IT Governance
pain points - improvment opportunities
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
stratecic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholer transparency
Business goals with Gov. goals priorisiern - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
39. Control self assessment Self-assessment (kd) or a Control Self Assessment (CSA supervised self-assessment
inadequate or failed internal processes
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
implementation - information security - assurance - Risk
enterprise risk management
40. COBIT cascading goals
Benefits realization - risk optimization - resource optimization
Business goals with Gov. goals priorisiern - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
stratecic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholer transparency
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
41. COBIT professional guides
Encourages the identification of measures that answer the question 'How do customers see us?'
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance mesure - 32
implementation - information security - assurance - Risk
Scenarios set in a risk environment
42. Risk analysis methodology
create an environment conductive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
Encourages the identification of measures that answer the question 'How do customers see us?'
Scenarios set in a risk environment
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
43. The implementation phase of a (Gov. Compliance) Review
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
VR level - integration and business strategy it - Chaired by a business executive / board member
44. Good starting points forIT Gov
pain points - improvment opportunities
VR level - integration and business strategy it - Chaired by a business executive / board member
Encourages the identification of measures that answer the question? 'How can we continue to improve and create value. '
risk that the controls are inadequate
45. The report stage of a review
pain points - improvment opportunities
The identification of measures that answer the question 'What must we excel at?'
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
Observations / findings - risks - recommendation / report
46. Return on security investment ROSI
quantitative risk analysis approach - damage cost per year * enter frequency
critical success factors
Saving the cost of damage (eg ALE) minus cost of mitigation
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
47. ISO 9000
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
Encourages the identification of measures that answer the question? 'How can we continue to improve and create value. '
Benefits realization - risk optimization - resource optimization
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
48. application vs. controls. IT general controls
general: magmt change - security - operations control Application: do everything to do with app. pgm. has zb source management - authentication validation
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
Encourages the identification of measures that answer the question? 'How can we continue to improve and create value. '
49. Structure of the 32 COBIT processes mgmt.
Financial - Operational - Reputation
plan: align - plan - Organize (PO) - build: build - Aquire - Implement (AI) - run: Deliver - servie - Support (DS) - Monitor: Monitor - Evaluate - control ME
risk that the controls are inadequate
Observations / findings - risks - recommendation / report
50. Procedure for Governance Compliance Review
Saving the cost of damage (eg ALE) minus cost of mitigation
The identification of measures that answer the question 'What must we excel at?'
policy - principles - statements
plan-prepare-execute-track-report
