Test your basic knowledge |
CGEIT: Certified In The Governance Of Enterprise It
Subjects: certifications, cgeit, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Annual loss expectancy (ALE)
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
Trust Service Contracts
Encourages the identification of a few relevant high-level financial measures. In particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
quantitative risk analysis approach - damage cost per year * enter frequency
2. Balanced scorecard - Customer
3. Refine the innovation process management
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
create an environment conducive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
To take the residual risk a company is willing risk
4. Best practices in dealing with policies Policies (not principles)
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
critical success factors
5. ISO 9000
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
6. Audit risk consists of...
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
7. Methods for continuous process improvement
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
pain points - improvement opportunities
create an environment conducive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
To take the residual risk a company is willing risk
8. Balanced scorecard (BSC)
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
inadequate or failed internal processes
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
9. Key principle of BPM
implementation - information security - assurance - Risk
Business goals with Gov. goals prioritize - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
processes are assets that create value for the customer
10. benefit management (Profit organization realization)
To take the residual risk a company is willing risk
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
enterprise risk management
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
11. Types of assertions
Saving the cost of damage (eg ALE) minus cost of mitigation
Signature - statement - audit trail
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
12. IT governance life cycle
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
QA
Saving the cost of damage (eg ALE) minus cost of mitigation
13. risk governance
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - service - Support (DS) - Monitor: Monitor - Evaluate - control ME
Signature - statement - audit trail
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
risk and risk response evaluation
14. RACI charts (RACI)
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
informations inherited
15. The implementation phase of a (Gov. Compliance) Review
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
operational risk (HR - Law - Nature - IT) - reputational risk
only known processes enabling
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
16. Structure of the 32 COBIT processes mgmt.
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
Encourages the identification of measures that answer the question 'How do customers see us?'
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - service - Support (DS) - Monitor: Monitor - Evaluate - control ME
operational risk (HR - Law - Nature - IT) - reputational risk
17. Balanced scorecard - Financial
18. Balanced scorecard - Internal Business Processes
19. ISO 9000
Trust Service Contracts
QA
To take the residual risk a company is willing risk
inadequate or failed internal processes
20. Entity level controls
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
Scenarios set in a risk environment
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
Saving the cost of damage (eg ALE) minus cost of mitigation
21. COBIT framework
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
policy - principles - statements
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
22. IT Strategy Committee
VR level - integration and business strategy it - Chaired by a business executive / board member
policy - principles - statements
only known processes enabling
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
23. COBIT cascading goals
policy - principles - statements
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
Business goals with Gov. goals prioritize - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
24. Derivation Cobit practices / control objectives
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
25. Function point analysis
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
Scoping - formal enactment - clear guidelines for exceptions - verification of compliance
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
26. Establishing accountability
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
Saving the cost of damage (eg ALE) minus cost of mitigation
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
27. Use of balanced scorecards
Encourages the identification of a few relevant high-level financial measures. In particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
Saving the cost of damage (eg ALE) minus cost of mitigation
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
implementation - information security - assurance - Risk
28. ISO 27000
implementation - information security - assurance - Risk
plan-prepare-execute-track-report
informations inherited
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
29. 3 Governance Objectives
Benefits realization - risk optimization - resource optimization
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
30. Risk treatment process
Scenarios set in a risk environment
Saving the cost of damage (eg ALE) minus cost of mitigation
create an environment conducive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
31. The 3 themes of the ICS economic / financial risk
operational risk (HR - Law - Nature - IT) - reputational risk
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
QA
processes are assets that create value for the customer
32. Balanced scorecard - Learning and Growth
33. Value management
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
34. Detection risk
quantitative risk analysis approach - damage cost per year * enter frequency
create an environment conducive to innovate - Maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
VR level - integration and business strategy it - Chaired by a business executive / board member
35. Control self assessment Self-assessment (kd) or a Control Self Assessment (CSA) supervised self-assessment
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
36. Operational risk is...
37. Hierarchy of policies
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
policy - principles - statements
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
38. 5 focus area of IT Governance
policy - principles - statements
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
inadequate or failed internal processes
Encourages the identification of a few relevant high-level financial measures. In particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
39. Three different control categories?
Trust Service Contracts
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it mgmt: translate strategy into direction - and report performance measure - 32
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
implementation - information security - assurance - Risk
40. IT Steering Committee
executive tasks: prioritization - resource alloc - project tracking
processes are assets that create value for the customer
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - service - Support (DS) - Monitor: Monitor - Evaluate - control ME
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
41. COBIT professional guides
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it mgmt: translate strategy into direction - and report performance measure - 32
implementation - information security - assurance - Risk
informations inherited
Observations / findings - risks - recommendation / report
42. CSFs
Business goals with Gov. goals prioritize - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
general: mgmt change - security - operations control Application: do everything to do with app. pgm. has e.g. source management - authentication validation
critical success factors
policy - principles - statements
43. IT Governance and COBIT
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - it gov: provide direction - evaluate performance - it mgmt: translate strategy into direction - and report performance measure - 32
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
operational risk (HR - Law - Nature - IT) - reputational risk
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
44. A widely used definition of operational risk is the one contained in the Basel II [1] regulations. This definition states that operational risk is the risk of loss resulting from ____________ - people and systems - or from external events.
inadequate or failed internal processes
QA
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
45. KPI
COBIT provides the means of risk management - Riskit provides the ends.
Scenarios set in a risk environment
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
pain points - improvement opportunities
46. COBIT enabler guides
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
only known processes enabling
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
Saving the cost of damage (eg ALE) minus cost of mitigation
47. Risk analysis techniques
Benefits realization - risk optimization - resource optimization
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
extract optimal value from investments it - value management: processes - monitor - portfolio management: funds - human - investment management: business case - Managing program / projects
plan-prepare-execute-track-report
48. Return on security investment ROSI
executive tasks: prioritization - resource alloc - project tracking
Saving the cost of damage (eg ALE) minus cost of mitigation
inadequate or failed internal processes
risk that the controls are inadequate
49. The report stage of a review
Observations / findings - risks - recommendation / report
enterprise risk management
Scenarios set in a risk environment
Financial - Operational - Reputation
50. Control risk
QA
Trust Service Contracts
risk that the controls are inadequate
executive tasks: prioritization - resource alloc - project tracking