Test your basic knowledge | CGEIT: Certified In The Governance Of Enterprise IT
Subjects: certifications, cgeit, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Entity level controls
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
only known processes enabling
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
2. Detection risk
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
Encourages the identification of measures that answer the question 'How do customers see us?'
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
policy - principles - statements
3. IT Steering Committee
executive tasks: prioritization - resource alloc - project tracking
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
4. Methods for continuous process improvement
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
QA
inadequate or failed internal processes
risk and risk response evaluation
5. ISO 27000
informations inherited
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance measure - 32
6. ISO 31000
enterprise risk management
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
7. benefit management (Profit organization realization)
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
8. Function point analysis
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
Scenarios set in a risk environment
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
create an environment conducive to innovation - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
9. Derivation Cobit practices / control objectives
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
operational risk (HR - Law - Nature - IT) - reputational risk
10. Key principle of BPM
executive tasks: prioritization - resource alloc - project tracking
processes are assets that create value for the customer
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
11. Three different control categories?
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
operational risk (HR - Law - Nature - IT) - reputational risk
12. Structure of the 32 COBIT processes mgmt.
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
quantitative risk analysis approach - damage cost per year * enter frequency
13. COBIT cascading goals
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
enterprise risk management
QA
14. The 3 themes of the ICS economic / financial risk
operational risk (HR - Law - Nature - IT) - reputational risk
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
only known processes enabling
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
15. ISO 9000
critical success factors
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
implementation - information security - assurance - Risk
QA
16. A widely used definition of operational risk is the one contained in the Basel II [1] regulations. This definition states that operational risk is the risk of loss resulting from ____________ - people and systems - or from external events.
inadequate or failed internal processes
Signature - statement - audit trail
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
Saving the cost of damage (eg ALE) minus cost of mitigation
17. Audit risk consists of...
inadequate or failed internal processes
critical success factors
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
18. application vs. controls. IT general controls
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
Encourages the identification of measures that answer the question 'How do customers see us?'
enterprise risk management
general: mgmt change - security - operations control - Application: everything to do with app. pgm., e.g. source management - authentication validation
19. Annual loss expectancy (ALE)
Encourages the identification of measures that answer the question 'How do customers see us?'
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
enterprise risk management
quantitative risk analysis approach - damage cost per year * enter frequency
20. risk governance
Signature - statement - audit trail
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
risk and risk response evaluation
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
21. Control risk
risk that the controls are inadequate
policy - principles - statements
Observations / findings - risks - recommendation / report
plan-prepare-execute-track-report
22. CSFs
Encourages the identification of measures that answer the question 'How do customers see us?'
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
risk that the controls are inadequate
critical success factors
23. Risk appetite
inadequate or failed internal processes
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
Signature - statement - audit trail
The residual risk a company is willing to take
24. To address three types of risk in the ICS
Financial - Operational - Reputation
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
Encourages the identification of measures that answer the question 'How do customers see us?'
Benefits realization - risk optimization - resource optimization
25. Control self assessment Self-assessment (kd) or a Control Self Assessment (CSA supervised self-assessment
COBIT provides the means of risk management - Riskit provides the ends.
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
operational risk (HR - Law - Nature - IT) - reputational risk
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
26. Refine the innovation process management
inadequate or failed internal processes
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
create an environment conducive to innovation - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
only known processes enabling
27. Risk analysis techniques
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
Trust Service Contracts
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
enterprise risk management
28. IT Strategy Committee
Saving the cost of damage (eg ALE) minus cost of mitigation
Trust Service Contracts
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
VR level - integration and business strategy it - Chaired by a business executive / board member
29. The implementation phase of a (Gov. Compliance) Review
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
Trust Service Contracts
processes are assets that create value for the customer
30. Riskit vs. COBIT
only known processes enabling
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
COBIT provides the means of risk management - Riskit provides the ends.
31. COBIT enabler guides
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
only known processes enabling
VR level - integration and business strategy it - Chaired by a business executive / board member
32. 3 Governance Objectives
VR level - integration and business strategy it - Chaired by a business executive / board member
Benefits realization - risk optimization - resource optimization
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
33. Balanced scorecard - Learning and Growth
34. Procedure for Governance Compliance Review
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
plan-prepare-execute-track-report
pain points - improvement opportunities
inadequate or failed internal processes
35. Hierarchy of policies
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
Scenarios set in a risk environment
processes are assets that create value for the customer
policy - principles - statements
36. Use of balanced scorecards
risk and risk response evaluation
risk that the controls are inadequate
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
Observations / findings - risks - recommendation / report
37. Operational risk is...
38. Comprehensive audits
Tests - Extensive testing
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
VR level - integration and business strategy it - Chaired by a business executive / board member
39. Establishing accountability
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance measure - 32
only known processes enabling
40. Balanced scorecard (BSC)
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance measure - 32
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
Benefits realization - risk optimization - resource optimization
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
41. The report stage of a review
Observations / findings - risks - recommendation / report
operational risk (HR - Law - Nature - IT) - reputational risk
policy - principles - statements
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
42. Return on security investment ROSI
Saving the cost of damage (eg ALE) minus cost of mitigation
Signature - statement - audit trail
create an environment conducive to innovation - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
43. Escrow contracts
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
Trust Service Contracts
Saving the cost of damage (eg ALE) minus cost of mitigation
operational risk (HR - Law - Nature - IT) - reputational risk
44. Valit content framework
create an environment conducive to innovation - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech.- recommend appropriate further initiatives - monitor the implication
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it Mgmnt: translate strategy into direction - and report performance measure - 32
COBIT provides the means of risk management - Riskit provides the ends.
45. 5 focus area of IT Governance
Trust Service Contracts
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
COBIT provides the means of risk management - Riskit provides the ends.
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
46. ISO 9000
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
executive tasks: prioritization - resource alloc - project tracking
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
The identification of measures that answer the question 'What must we excel at?'
47. Balanced scorecard - Financial
48. Risk analysis methodology
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
Scenarios set in a risk environment
general: mgmt change - security - operations control - Application: everything to do with app. pgm., e.g. source management - authentication validation
49. Best practices in dealing with policies Policies (not principles)
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
risk and risk response evaluation
VR level - integration and business strategy it - Chaired by a business executive / board member
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
50. Good starting points for IT Gov
Saving the cost of damage (eg ALE) minus cost of mitigation
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
pain points - improvement opportunities
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model