Test your basic knowledge | CGEIT: Certified In The Governance Of Enterprise IT
Subjects: certifications, cgeit, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. IT Governance and COBIT
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
critical success factors
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - IT gov: provide direction - evaluate performance - IT mgmt: translate strategy into direction - and report performance measure - 32
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
2. Detection risk
plan-prepare-execute-track-report
operational risk (HR - Law - Nature - IT) - reputational risk
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
3. COBIT framework
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
Tests - Extensive testing
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
4. Derivation COBIT practices / control objectives
enterprise risk management
COBIT provides the means of risk management - Risk IT provides the ends.
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
5. IT Strategy Committee
critical success factors
VR level - integration and business strategy it - Chaired by a business executive / board member
unavoidable risk
risk that the controls are inadequate
6. ISO 27000
informations inherited
Tests - Extensive testing
policy - principles - statements
enterprise risk management
7. Control risk
Tests - Extensive testing
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
risk that the controls are inadequate
Financial - Operational - Reputation
8. COBIT cascading goals
The identification of measures that answer the question 'What must we excel at?'
processes are assets that create value for the customer
VR level - integration and business strategy it - Chaired by a business executive / board member
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
9. The report stage of a review
plan-prepare-execute-track-report
general: change mgmt - security - operations control. Application: everything to do with the app. pgm., e.g. source management - authentication validation
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
Observations / findings - risks - recommendation / report
10. Operational risk is...
11. Return on security investment ROSI
Saving the cost of damage (eg ALE) minus cost of mitigation
The identification of measures that answer the question 'What must we excel at?'
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
COBIT provides the means of risk management - Risk IT provides the ends.
12. Annual loss expectancy (ALE)
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
COBIT provides the means of risk management - Risk IT provides the ends.
plan-prepare-execute-track-report
quantitative risk analysis approach - damage cost per year * frequency of occurrence
13. IT governance life cycle
inadequate or failed internal processes
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
14. Balanced scorecard - Financial
15. Val IT content framework
extract optimal value from IT investments - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - IT gov: provide direction - evaluate performance - IT mgmt: translate strategy into direction - and report performance measure - 32
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
16. 5 focus areas of IT Governance
Observations / findings - risks - recommendation / report
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
Benefits realization - risk optimization - resource optimization
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
17. Procedure for Governance Compliance Review
critical success factors
plan-prepare-execute-track-report
inadequate or failed internal processes
QA
18. Inherent risk
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
processes are assets that create value for the customer
COBIT provides the means of risk management - Risk IT provides the ends.
unavoidable risk
19. Balanced scorecard - Internal Business Processes
20. Balanced scorecard (BSC)
The residual risk a company is willing to take
quantitative risk analysis approach - damage cost per year * frequency of occurrence
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - IT gov: provide direction - evaluate performance - IT mgmt: translate strategy into direction - and report performance measure - 32
21. Balanced scorecard - Learning and Growth
22. 3 Governance Objectives
Observations / findings - risks - recommendation / report
Benefits realization - risk optimization - resource optimization
critical success factors
extract optimal value from IT investments - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
23. Risk treatment process
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
implementation - information security - assurance - Risk
inadequate or failed internal processes
risk that the controls are inadequate
24. Risk analysis methodology
Scenarios set in a risk environment
critical success factors
Encourages the identification of measures that answer the question 'How do customers see us?'
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
25. Risk analysis techniques
Encourages the identification of measures that answer the question 'How do customers see us?'
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
plan-prepare-execute-track-report
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
26. RACI charts (RACI)
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
plan-prepare-execute-track-report
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
27. COBIT professional guides
policy - principles - statements
The identification of measures that answer the question 'What must we excel at?'
implementation - information security - assurance - Risk
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
28. benefit management (Profit organization realization)
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
29. Control self assessment: Self-assessment (kd) or a Control Self Assessment (CSA), supervised self-assessment
executive tasks: prioritization - resource alloc - project tracking
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
30. The 3 themes of the ICS economic / financial risk
Observations / findings - risks - recommendation / report
operational risk (HR - Law - Nature - IT) - reputational risk
Saving the cost of damage (eg ALE) minus cost of mitigation
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
31. Risk appetite
The residual risk a company is willing to take
Scenarios set in a risk environment
critical success factors
The identification of measures that answer the question 'What must we excel at?'
32. IT Steering Committee
operational risk (HR - Law - Nature - IT) - reputational risk
extract optimal value from IT investments - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
executive tasks: prioritization - resource alloc - project tracking
Tests - Extensive testing
33. To address three types of risk in the ICS
Financial - Operational - Reputation
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
COBIT provides the means of risk management - Risk IT provides the ends.
34. Balanced scorecard - Customer
35. Good starting points for IT Gov
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
pain points - improvement opportunities
Scenarios set in a risk environment
inadequate or failed internal processes
36. Value management
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
Trust Service Contracts
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
Encourages the identification of a few relevant high-level financial measures. In Particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
37. Escrow contracts
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
operational risk (HR - Law - Nature - IT) - reputational risk
Trust Service Contracts
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
38. ISO 9000
Encourages the identification of a few relevant high-level financial measures. In Particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
Observations / findings - risks - recommendation / report
39. Key principle of BPM
executive tasks: prioritization - resource alloc - project tracking
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
processes are assets that create value for the customer
40. Hierarchy of policies
policy - principles - statements
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
processes are assets that create value for the customer
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
41. Refine the innovation process management
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
create an environment conducive to innovation - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
The residual risk a company is willing to take
42. Application controls vs. IT general controls
general: change mgmt - security - operations control. Application: everything to do with the app. pgm., e.g. source management - authentication validation
The identification of measures that answer the question 'What must we excel at?'
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
quantitative risk analysis approach - damage cost per year * frequency of occurrence
43. Methods for continuous process improvement
risk and risk response evaluation
critical success factors
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
The identification of measures that answer the question 'What must we excel at?'
44. Types of assertions
Scenarios set in a risk environment
executive tasks: prioritization - resource alloc - project tracking
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
Signature - statement - audit trail
45. Entity level controls
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
Benefits realization - risk optimization - resource optimization
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
46. ISO 31000
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
enterprise risk management
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - IT gov: provide direction - evaluate performance - IT mgmt: translate strategy into direction - and report performance measure - 32
47. risk governance
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
risk and risk response evaluation
48. Structure of the 32 COBIT processes mgmt.
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - Service - Support (DS) - Monitor: Monitor - Evaluate - control ME
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
49. Best practices in dealing with policies Policies (not principles)
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
extract optimal value from IT investments - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
50. Function point analysis
plan-prepare-execute-track-report
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
Scenarios set in a risk environment
processes are assets that create value for the customer