Test your basic knowledge | CGEIT: Certified In The Governance Of Enterprise IT
Subjects: certifications, cgeit, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Use of balanced scorecards
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
policy - principles - statements
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
2. ISO 27000
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
plan-prepare-execute-track-report
information inherited
3. Detection risk
The residual risk a company is willing to take
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
4. A widely used definition of operational risk is the one contained in the Basel II [1] regulations. This definition states that operational risk is the risk of loss resulting from ____________ - people and systems - or from external events.
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
inadequate or failed internal processes
The residual risk a company is willing to take
5. IT Strategy Committee
risk and risk response evaluation
Saving the cost of damage (eg ALE) minus cost of mitigation
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
VR level - integration and business strategy it - Chaired by a business executive / board member
6. Balanced scorecard - Internal Business Processes
7. risk governance
The identification of measures that answer the question 'What must we excel at?'
unavoidable risk
VR level - integration and business strategy it - Chaired by a business executive / board member
risk and risk response evaluation
8. Valit content framework
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
Signature - statement - audit trail
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
Benefits realization - risk optimization - resource optimization
9. ISO 31000
VR level - integration and business strategy it - Chaired by a business executive / board member
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - IT gov: provide direction - evaluate performance - IT Mgmt: translate strategy into direction - and report performance measure - 32
enterprise risk management
10. Audit risk consists of...
Observations / findings - risks - recommendation / report
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
11. Operational risk is...
12. Balanced scorecard - Customer
13. Inherent risk
risk that the controls are inadequate
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
unavoidable risk
processes are assets that create value for the customer
14. Procedure for Governance Compliance Review
plan-prepare-execute-track-report
Saving the cost of damage (eg ALE) minus cost of mitigation
Trust Service Contracts
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
15. Balanced scorecard (BSC)
operational risk (HR - Law - Nature - IT) - reputational risk
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
16. COBIT framework
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
Encourages the identification of a few relevant high-level financial measures. In Particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
VR level - integration and business strategy it - Chaired by a business executive / board member
17. Good starting points for IT Gov
Saving the cost of damage (eg ALE) minus cost of mitigation
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
pain points - improvement opportunities
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
18. ISO 9000
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
Financial - Operational - Reputation
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
19. The 3 themes of the ICS economic / financial risk
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
operational risk (HR - Law - Nature - IT) - reputational risk
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - IT gov: provide direction - evaluate performance - IT Mgmt: translate strategy into direction - and report performance measure - 32
20. IT Steering Committee
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
executive tasks: prioritization - resource alloc - project tracking
risk that the controls are inadequate
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
21. KPI
Tests - Extensive testing
Scenarios set in a risk environment
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
22. benefit management (Profit organization realization)
plan-prepare-execute-track-report
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
information inherited
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
23. Establishing accountability
Saving the cost of damage (eg ALE) minus cost of mitigation
only known processes enabling
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
executive tasks: prioritization - resource alloc - project tracking
24. Annual loss expectancy (ALE)
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
Encourages the identification of measures that answer the question 'How do customers see us?'
quantitative risk analysis approach - damage cost per year * enter frequency
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
25. COBIT enabler guides
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - service - Support (DS) - Monitor: Monitor - Evaluate - control ME
QA
only known processes enabling
26. IT governance life cycle
VR level - integration and business strategy it - Chaired by a business executive / board member
implementation - information security - assurance - Risk
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
plan-prepare-execute-track-report
27. COBIT professional guides
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
implementation - information security - assurance - Risk
The residual risk a company is willing to take
Observations / findings - risks - recommendation / report
28. Types of assertions
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
Signature - statement - audit trail
Scenarios set in a risk environment
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - service - Support (DS) - Monitor: Monitor - Evaluate - control ME
29. Risk analysis techniques
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
enterprise risk management
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
30. Function point analysis
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
Tests - Extensive testing
31. Hierarchy of policies
Tests - Extensive testing
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
policy - principles - statements
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
32. Control self assessment Self-assessment (kd) or a Control Self Assessment (CSA) supervised self-assessment
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - service - Support (DS) - Monitor: Monitor - Evaluate - control ME
The residual risk a company is willing to take
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
33. Risk treatment process
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
34. RACI charts (RACI)
executive tasks: prioritization - resource alloc - project tracking
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
implementation - information security - assurance - Risk
35. Balanced scorecard - Financial
36. Three different control categories?
Benefits realization - risk optimization - resource optimization
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
executive tasks: prioritization - resource alloc - project tracking
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
37. Risk analysis methodology
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
Encourages the identification of measures that answer the question 'How do customers see us?'
Signature - statement - audit trail
Scenarios set in a risk environment
38. Return on security investment ROSI
Saving the cost of damage (eg ALE) minus cost of mitigation
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - service - Support (DS) - Monitor: Monitor - Evaluate - control ME
39. The implementation phase of a (Gov. Compliance) Review
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
40. The report stage of a review
Signature - statement - audit trail
Observations / findings - risks - recommendation / report
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
41. Structure of the 32 COBIT processes mgmt.
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
pain points - improvement opportunities
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - service - Support (DS) - Monitor: Monitor - Evaluate - control ME
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
42. Control risk
risk that the controls are inadequate
plan-prepare-execute-track-report
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
43. Entity level controls
Saving the cost of damage (eg ALE) minus cost of mitigation
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
44. CSFs
critical success factors
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
only known processes enabling
45. To address three types of risk in the ICS
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
pain points - improvement opportunities
Financial - Operational - Reputation
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
46. Methods for continuous process improvement
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - IT gov: provide direction - evaluate performance - IT Mgmt: translate strategy into direction - and report performance measure - 32
Financial - Operational - Reputation
COBIT provides the means of risk management - Riskit provides the ends.
47. Value management
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
processes are assets that create value for the customer
Saving the cost of damage (eg ALE) minus cost of mitigation
48. Comprehensive audits
The residual risk a company is willing to take
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if Intended benefits are Realised
only known processes enabling
Tests - Extensive testing
49. Derivation Cobit practices / control objectives
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
Controls at the corporate level - are internal controls that help Ensure that management directives pertaining to the entire entity are Carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
operational risk (HR - Law - Nature - IT) - reputational risk
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
50. Key principle of BPM
risk that the controls are inadequate
risk and risk response evaluation
Trust Service Contracts
processes are assets that create value for the customer