Test your basic knowledge |
CGEIT: Certified In The Governance Of Enterprise It
Subjects: certifications, cgeit, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Return on security investment ROSI
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
Saving the cost of damage (eg ALE) minus cost of mitigation
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
2. ISO 9000
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
plan-prepare-execute-track-report
extract optimal value from IT investments - value management: processes - monitor - portfolio management: funds - human - investment management: business case - managing program / projects
3. Value management
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
Benefits realization - risk optimization - resource optimization
4. The implementation phase of a (Gov. Compliance) Review
Encourages the identification of measures that answer the question 'How do customers see us?'
pain points - improvement opportunities
critical success factors
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
5. Riskit vs. COBIT
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
Financial - Operational - Reputation
COBIT provides the means of risk management - Riskit provides the ends.
create an environment conducive to innovation - maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
6. Derivation Cobit practices / control objectives
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - IT gov: provide direction - evaluate performance - IT mgmt: translate strategy into direction - and report performance measure - 32
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
7. Escrow contracts
risk that the controls are inadequate
Trust Service Contracts
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
8. Annual loss expectancy ALE
quantitative risk analysis approach - damage cost per year * enter frequency
create an environment conducive to innovation - maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
Saving the cost of damage (eg ALE) minus cost of mitigation
9. 5 focus area of IT Governance
unavoidable risk
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
strategic establish alignment / framework - value delivery - risk management - resource mgmt - performance mgmt / stakeholder transparency
Encourages the identification of measures that answer the question 'How do customers see us?'
10. Control self assessment Self-assessment (kd) or a Control Self Assessment (CSA supervised self-assessment
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
Observations / findings - risks - recommendation / report
11. A widely used definition of operational risk is the one contained in the Basel II regulations. This definition states that operational risk is the risk of loss resulting from ____________ - people and systems - or from external events.
Observations / findings - risks - recommendation / report
inadequate or failed internal processes
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
12. ISO 9000
only known processes enabling
Trust Service Contracts
QA
Financial - Operational - Reputation
13. IT Governance and COBIT
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - IT gov: provide direction - evaluate performance - IT mgmt: translate strategy into direction - and report performance measure - 32
informations inherited
extract optimal value from IT investments - value management: processes - monitor - portfolio management: funds - human - investment management: business case - managing program / projects
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
14. Methods for continuous process improvement
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
TQM - BPM /BPR (... reengineering) - BSC - Six Sigma - CMMI
15. IT governance life cycle
create an environment conducive to innovation - maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
implementation - information security - assurance - Risk
what are the drivers - where are we now - where do we want to be - what needs to be done (project plan) - how do we get there (execute) - did we get there - how to keep the momentum going
operational risk (HR - Law - Nature - IT) - reputational risk
16. IT Strategy Committee
The identification of measures that answer the question 'What must we excel at?'
only known processes enabling
VR level - integration and business strategy it - Chaired by a business executive / board member
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
17. IT Steering Committee
QA
risk and risk response evaluation
executive tasks: prioritization - resource alloc - project tracking
implementation - information security - assurance - Risk
18. Balanced scorecard - Internal Business Processes
19. KPI
Value analysis - was initially applied WA - to identify and eliminate unnecessary costs. WA is equally successful in improving the performance and function of resources other than the costs. In the course of time - extended the WA applications from p
critical success factors
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
Signature - statement - audit trail
20. Key principle of BPM
processes are assets that create value for the customer
enterprise risk management
The identification of measures that answer the question 'What must we excel at?'
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
21. To address three types of risk in the ICS
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
Financial - Operational - Reputation
enterprise risk management
informations inherited
22. application vs. controls. IT general controls
enterprise risk management
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
general: change mgmt - security - operations control. Application: everything to do with the app. pgm. - e.g. source management - authentication validation
23. COBIT framework
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
5 gov processes (GL - PR) - std (users realize - risks opt opt ress) and framework - stakeholder transparency create - IT gov: provide direction - evaluate performance - IT mgmt: translate strategy into direction - and report performance measure - 32
COBIT provides the means of risk management - Riskit provides the ends.
inadequate or failed internal processes
24. Valit content framework
Signature - statement - audit trail
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
risk that the controls are inadequate
extract optimal value from IT investments - value management: processes - monitor - portfolio management: funds - human - investment management: business case - managing program / projects
25. Balanced scorecard - Financial
26. COBIT professional guides
implementation - information security - assurance - Risk
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
operational risk (HR - Law - Nature - IT) - reputational risk
27. Balanced scorecard (BSC)
VR level - integration and business strategy it - Chaired by a business executive / board member
A strategic performance management tool - a semi-standard structured report - supported by proven design methods and automation tools - that can be used by managers to keep track of the execution of activities by the staff within their control and .
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
28. Comprehensive audits
Encourages the identification of a few relevant high-level financial measures. In particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
COBIT provides the means of risk management - Riskit provides the ends.
Tests - Extensive testing
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
29. Risk analysis techniques
(hierarchy) 5 domains (EDM - po ad ds me) - processes 37 - 211 practices
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
processes are assets that create value for the customer
30. Good starting points for IT Gov
Financial - Operational - Reputation
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
pain points - improvement opportunities
Encourages the identification of a few relevant high-level financial measures. In particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
31. COBIT enabler guides
only known processes enabling
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
32. Establishing accountability
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
33. Function point analysis
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
COBIT provides the means of risk management - Riskit provides the ends.
Preventive controls - detective controls - corrective controls (troubleshooting instructions)
Financial - Operational - Reputation
34. Refine the innovation process management
Threat analysis - vulnerability assessment - gap analysis - (positive and negative / opportunities and threats)
policy - principles - statements
Observations / findings - risks - recommendation / report
create an environment conducive to innovation - maintain / understand the enterprise environment - monitor / scan the technology environment - assess the potential of emerging tech. - recommend appropriate further initiatives - monitor the implication
35. Inherent risk
who should do what? - establishing accountability - VR / goals objectives - GL translate strategy into action (automation - cost - risk mgmt)
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
unavoidable risk
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
36. RACI charts (RACI)
implementation - information security - assurance - Risk
risk that the controls are inadequate
a technique for analysis and presentation of responsibilities - the name is derived from the initial letters of the words Responsible - Accountable - Consulted and Informed.
QA
37. CSFs
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
critical success factors
Signature - statement - audit trail
38. Risk treatment process
Financial - Operational - Reputation
risk and risk response evaluation
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
Benefits realization - risk optimization - resource optimization
39. Entity level controls
Scoping - formal enactment - clear requirements for exceptions - verification of compliance
Signature - statement - audit trail
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
40. Detection risk
implementation - information security - assurance - Risk
Review process for software system - The functional size is determined - where you split the functional requirements of an application into small - meaningful to the user activities that elementary processes. Same elementary processes are evaluated o
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
risk that something will NOT be revealed - ill-prepared - not tested properly - misinterpreted findings weighted wrong
41. COBIT cascading goals
plan: align - plan - Organize (PO) - build: build - Acquire - Implement (AI) - run: Deliver - service - Support (DS) - Monitor: Monitor - Evaluate - control ME
extract optimal value from IT investments - value management: processes - monitor - portfolio management: funds - human - investment management: business case - managing program / projects
Controls at the corporate level - are internal controls that help ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Gener
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
42. Risk appetite
enterprise risk management
A quality management standard describes the requirements that must be satisfied by the management system of a company in order to meet a certain standard in the implementation of quality management. It can serve both informative for implementation wi
The residual risk a company is willing to take
Encourages the identification of measures that answer the question 'How can we continue to improve and create value?'
43. benefit management (Profit organization realization)
Benefits realization management (BRM) (also benefits management or benefits realization) is the explicit planning - delivery and management of whole life benefits from an investment. An investment is only successful if intended benefits are realised
Encourages the identification of a few relevant high-level financial measures. In particular - designers were encouraged to choose measures that helped inform the answer to the question 'How do we look to shareholders?'
enterprise risk management
unavoidable risk
44. ISO 31000
Encourages the identification of measures that answer the question 'How do customers see us?'
Signature - statement - audit trail
enterprise risk management
Saving the cost of damage (eg ALE) minus cost of mitigation
45. The report stage of a review
Prioritize business goals with Gov. goals - IT goals with U-prioritize targets (script 82) - prioritize process with IT goals
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
unavoidable risk
Observations / findings - risks - recommendation / report
46. Procedure for Governance Compliance Review
plan-prepare-execute-track-report
implementation - information security - assurance - Risk
Benefits realization - risk optimization - resource optimization
basic ingredients - basic principles - enterprise enablers - goals cascade - maturity model
47. Use of balanced scorecards
The identification of measures that answer the question 'What must we excel at?'
Observations / findings - risks - recommendation / report
Define risk owners (possibly delegate to process owners) - avoid the formation - reduction - sharing - acceptance - cost benefit measures to keep the residual risk within defined tolerance limits
performance monitoring - to demonstrate the effectiveness of IT and communicate about it - Performance - risk and capabilities
48. Best practices in dealing with policies Policies (not principles)
QA
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
Scoping - formal enactment - clear requirements for exceptions - verification of compliance
iter (interview - test analysis - detecting / hold / summarize - Discuss with auditee
49. Audit risk consists of...
inherent risk - control risk: insufficient control system - detection risk: insufficient testing
An internally controlled collection and analysis of values. In a control self-assessment fill out one or more units surveyed questionnaires - which can then be evaluated independently. This survey can help the units (individuals - groups - department
extract optimal value from IT investments - value management: processes - monitor - portfolio management: funds - human - investment management: business case - managing program / projects
critical success factors
50. Types of assertions
policy - principles - statements
Signature - statement - audit trail
Used in business administration figures - references which can be the progress or the level of compliance with regard to important objectives or critical success factors measured within an organization and / or calculated - Important KPIs in the serv
a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people - systems and processes through which a company operates. It therefore includes other categories examin