Governance & Management

Question 0

1. Which question is valid to ask when establishing how to manage the enabler performance?

a) Are good practices applied?
b) Is security enabled?
c) Are operations efficient?
d) Is performance monitored?

Answer 0

a) Are good practices applied? (Lead)
The other 3 ?’s are:

Are stakeholder needs addressed? (Lag)
Are enabler goals achieved? (Lag)
Is life cycle managed? (Lead)

Question 1

2. What type of process goal is compliant with external rules?
   a) Intrinsic
   b) Business
   c) Contextual
   d) Accessibility and security

Answer 1

a) Intrinsic

Question 2

3. What is the Programme Management Phase in the Implementation Life Cycle called when practical solutions are supported by justifiable business cases?
   a) Build improvements
   b) Define road map
   c) Plan programme
   d) Initiate programme

Answer 2

c) Plan programme

Question 3

4. Which requirement was a major driver for developing the COBIT5 framework?
   a) To encourage a common language throughout the enterprise to allow a better understanding of IT by stakeholders
   b) To be generic and useful for enterprises of all sizes, whether commercial, not-for-profit or in the public sector
   c) To provide further guidance in area with high interest, such as enterprise architecture
   d) To enable enterprises to achieve operational excellence through the reliable and efficient application of technology

Answer 3

c) To provide further guidance in area with high interest, such as enterprise architecture

Other possible reasons:
. Provide a renewed and authoritative governance and management framework for enterprise information and related technology
. Integrate all other major ISACA frameworks and guidance
. Align with other major frameworks and standards

Question 4

What is the name given to an enterprise communication mechanism for corporate values and desired behaviour?

a) Process outcomes
b) Organisational structures
c) Principles and policies
d) Rules and norms

Answer 4

c) Principles and policies

Question 5

Which requirements describes ‘contextual quality’ in the Goals Enabler dimension?

a) Outcomes should be relevant and complete
b) Enablers are available when, and if, needed
c) Enablers provide accurate, objective and reputable results
d) Outcomes are secured

Answer 5

c) Enablers provide accurate, objective and reputable results

Question 6

Which statement is correct about the three COBIT guides, (Process Assessment Model, Assessor Guide, Self-assessment Guide)?

a) The Process Assessment Model (PAM) is assessed by the Assessor Guide
b) The Program Assessment Model does NOT have any value without the Assessor Guide
c) The Self-Assessment Guide is the same as the Assessor Guide, but used internally in an organisation
d) The Self-Assessment Guide can be used to prepare for a formal Process Capability Assessment

Answer 6

d) The Self-Assessment Guide can be used to prepare for a formal Process Capability Assessment

Question 7

Which element is a key component of the COBIT 5 Governance Approach?

a) Stakeholder Transparency
b) Evaluate, Direct and Monitor
c) Plan, Build, Run, and Monitor
d) Governance Scope

Answer 7

d) Governance Scope

Question 8

Which activity is a good practice of operating principles within the organisation structure enabler?

a) Publishing a schedule of Board meetings in advance
b) Issuing the boundaries of the organisation structure’s decision rights
c) Defining the structure to delegate decision rights
d) Documenting the decisions which the structure is authorised to take

Answer 8

a) Publishing a schedule of Board meetings in advance

Operating principles are the practical arrangements regarding how the structure will operate, such as frequency of meetings, documentation and housekeeping rules

Question 9

What is the purpose of the Goals Cascade?

a) Consider the Inputs and Outputs of an IT process in the enterprise
b) Defined and implement the Enterprise Architecture of an enterprise
c) Support alignment between enterprise needs and IT solutions and services
d) Support the definition of clear roles and responsibilities in an enterprise

Answer 9

c) Support alignment between enterprise needs and IT solutions and services

Question 10

What is the purpose of the policies element within the principles, policies and frameworks model?

a) To be open and flexible
b) To specify consequences of failing to comply
c) To provide detailed guidance on how to put principles into practice
d) To express the core values of the enterprise

Answer 10

c) To provide detailed guidance on how to put principles into practice

Question 11

Identify the missing word(s) in the following sentence. Process [?] is a process attribute for a Predictable process.

a) innovation
b) performance management
c) assessment
d) measurement

Answer 11

d) measurement

Question 12

What do Processes produce as a result of their operation?

a) RACI charts
b) Cultural aspects
c) Service capabilities
d) Business goals

Answer 12

c) Service capabilities

Processes produce, and also require, service capabilities (infrastructure, applications, etc.)

Question 13

What is the MOST suitable process domain for skills such as Portfolio Management?

a) Monitor, Evaluate and Assess (MEA)
b) Deliver, Service and Support (DSS)
c) Build, Acquire and Implement (BAI)
d) Align, Plan and Organise (APO)

Answer 13

d) Align, Plan and Organise (APO)
Other APO skill categories include:
IT policy formulation, IT strategy, Enterprise architecture, Innovation, Financial management, and Portfolio management.

Question 14

Which enabler translates desired behaviour into practical guidance?

a) Culture, Ethics and Behaviour
b) Services, Infrastructure and Applications
c) Principles, Policies and Frameworks
d) People, Skills and Competencies

Answer 14

c) Principles, Policies and Frameworks

Question 15

Which option is NOT a benefit to the enterprise of using the COBIT 5 framework?

a) COBIT 5 is first and foremost a ‘business framework’
b) COBIT 5 is a framework to be used mainly for IT Service management
c) COBIT 5 enables IT to be managed in a holistic manner
d) COBIT 5 encourages a common language throughout the enterprise

Answer 15

b) COBIT 5 is a framework to be used mainly for IT Service management

Question 16

What role is the most senior official of the enterprise who is responsible for aligning IT and business strategies?

a) Business Executive
b) Head of Architecture
c) Chief Information Officer (CIO)
d) Chief Operating Officer (COO)

Answer 16

c) Chief Information Officer (CIO)

Question 17

Which driver influences Stakeholder needs?

a) Good practices
b) Contextual quality
c) Lag indicators
d) Regulatory environment

Answer 17

d) Regulatory environment
Stakeholder needs are influenced by a number of drivers, e.g., strategy changes, a changing business and regulatory environment, and new technologies.

Question 18

What is an important vehicle for executing policies?

a) Organisational structures
b) Process practices
c) Governance framework
d) Rules and norms

Answer 18

b) Process practices

Process practices and activities are the most important vehicle for executing policies.

Question 19

What role is responsible for monitoring activities to achieve enterprise objectives in the Governance Approach?

a) Governing body
b) Operations
c) Stakeholders
d) Management

Answer 19

d) Management

Question 20

What term is used to describe projects that are duplicated which may indicated a need for improved governance of enterprise IT?

a) Mergers and acquisitions
b) Pain points
c) Trigger events
d) IT risk

Answer 20

b) Pain points

Trigger events are changes in the environment

Question 21

What is the purpose of the Process Reference Model?

a) To be the basis for the capability dimension which defines the rating method to conform to ISO15504
b) To be the basis for the process dimension which outlines the structure of the 37 COBIT processes
c) To be the basis for the process dimension which gives the specific process references on each capability level
d) To contain the generic attributes for the levels two, three, four and five

Answer 21

b) To be the basis for the process dimension which outlines the structure of the 37 COBIT processes

Question 22

In what sequence would the following occur in the COBIT 5 Process Reference Model?

1. Build
2. Direct
3. Plan
   a) 2, 3, 1
   b) 1, 2, 3
   c) 2, 1, 3
   d) 3,1, 2

Answer 22

a) 2, 3, 1

Direct, Plan, then Build

Question 23

Identify the missing words in the following sentence. Enterprise Architecture is considered a skill category for the [?] Process Domain.

a) Evaluate, Direct and Monitor (EDM)
b) Build, Acquire and Implement (BAI)
c) Align, Plan and Organise (APO)
d) Monitor, Evaluate and Assess (MEA)

Answer 23

c) Align, Plan and Organise (APO)

Question 24

What capability level is an established process?

a) Level 1
b) Level 2
c) Level 3
d) Level 4

Answer 24

c) Level 3
Levels are...
0 - incomplete process
1 - performed process
2 - managed process
3 - established process
4 - predictable process
5 - optimising process

Question 25

What are IT-related outcomes, required to achieve enterprise goals, represented by?

a) IT-related goals
b) Enabler goals
c) IT balanced scorecard
d) Processes

Answer 25

a) IT-related goals

Question 26

What is a collection of practices influenced by the enterprise’s policies and procedures that takes input form a number of sources, manipulates the inputs and produces outputs known as?

a) Framework
b) Policies
c) Enablers
d) Process

Answer 26

d) Process
A process is defined as ‘a collection of practices influenced by the enterprise’s policies and procedures that takes inputs from a number of sources (including other processes), manipulates the inputs and produces outputs (e.g., products, services)’.

Question 27

What information layer contains the attributes for how the information is carried?

a) Social world
b) Semantic
c) Physical world
d) Empiric

Answer 27

c) Physical world

Question 28

How is the Governance Objective of ‘Value Creation’ met?

a) By realising benefits
b) By optimising resources
c) By optimising risk
d) All of the above

Answer 28

d) All of the above

Question 29

What is the purpose of the principles element within the principles, policies and frameworks model?

a) To be limited in number
b) To express the core values of the enterprise
c) To be open and flexible to ensure policies achieve the stated purpose
d) To provide a logical flow for staff who have to comply with them

Answer 29

b) To express the core values of the enterprise

Question 30

Why is a process capability assessment performed?

a) To identify process improvement
b) To make a cost-benefit analysis of the process
c) To judge the quality of the people executing the process
d) To define the metrics of the process

Answer 30

a) To identify process improvement

Question 31

What attribute describes information that is applicable and helpful?

a) Relevancy
b) Currency
c) Completeness
d) Ease of manipulation

Answer 31

a) Relevancy

Question 32

What are stakeholder needs cascaded into?

a) IT-related goals
b) Enterprise goals
c) Process goals
d) Risk Optimisation goals

Answer 32

b) Enterprise goals

Question 33

Which characteristic is necessary for a good policy?

a) Effective
b) Expresses the core values of the enterprise
c) Intrusive
d) Limited in number

Answer 33

a) Effective

Question 34

What rating level must a process attain in order to pass an assessment?

a) F - Only Fully
b) P - Partially and or L - Largely
c) L - Largely and or F - Fully
d) P - Partially

Answer 34

c) L - Largely and or F - Fully

Question 35

Which action is good practice to help encourage desired behaviour in an enterprise?

a) Publishing Operating Principles
b) Communicating Skill categories
c) Appointing Business champions
d) Publishing Delegation of Authority procedures

Answer 35

c) Appointing Business champions
Others include: Enterprise communication of desired behaviours and underlying corporate values, awareness of desired behaviour strengthened by the example behaviour exercised by Sr. Mgmt. and other champions

Question 36

Which aspect relates to the COBIT 5 key principle ‘Applying a Single Integrated Framework’?

a) Aligns with the latest views on Governance
b) Provides a simple architecture
c) Translates Stakeholder needs into strategy
d) Defines the relationship between Governance and Management

Answer 36

b) Provides a simple architecture

Question 37

Who is an internal stakeholder?

a) A customer
b) A business partner
c) A regulator
d) A business executive

Answer 37

d) A business executive
External stakeholders include customers, business partners, shareholders and regulators. Internal stakeholders include the board, management, staff and volunteers.

Question 38

How are Generic Practices used in the Process Assessment Model (PAM)?

a) To assess processes from levels 2 to 5
b) To assess processes only at level 1
c) To asses process at all levels of the Capability Model
d) To assess processes only at level 6

Answer 38

a) To assess processes from levels 2 to 5

Question 39

When designing an implementation plan for governance and management of IT, what is an environmental factor that should be taken into consideration?

a) Complex IT operating Models
b) Hidden and rogue IT spending
c) Applicable laws and regulations
d) External audit or consultant assessments

Answer 39

c) Applicable laws and regulations

Question 40

Which attribute does NOT apply to a Process Activity?

a) Considers the input and outputs of the process
b) Supports establishment of clear roles and responsibilities
c) Describes a set of implementation steps to achieve a management practice
d) Provides statements of actions to deliver benefits

Answer 40

d) Provides statements of actions to deliver benefits

Question 41

Identify the missing word in the following sentence. The responsibilities of Management include planning and monitoring activities in alignment with the direction set by the governance body to achieve the [?] objectives.

a) enabler
b) stakeholder
c) IT-related
d) enterprise

Answer 41

d) enterprise

Question 42

What is the term used to describe the values by which the enterprise wants to operate?

a) Intrinsic quality
b) Organisational ethics
c) Individual ethics
d) Good practices

Answer 42

b) Organisational ethics

Question 43

Which business tool is used to justify business investments?

a) Business objectives
b) Business case
c) Business policies
d) Process Capability model

Answer 43

b) Business case

Question 44

Which statement is NOT a reason why COBIT 5 is an integrated framework?

a) It is complete in enterprise coverage
b) Provides a simple architecture
c) Has to be used with other standards
d) Operates with previous ISACA frameworks

Answer 44

c) Has to be used with other standards

Question 45

Identify the missing words in the following sentence. Business processes transform knowledge in order to create [?] for an enterprise.

a) IT Processes
b) Information
c) The Enabler Dimension
d) Both the Process and Capability Dimensions

Answer 45

d) Both the Process and Capability Dimensions
Business processes generate and process data, transforming them into information and knowledge, and ultimately generating value for the enterprise.
Information cycle: Business Processes/IT Processes generate and Process -> Data and transform -> Information which transforms Knowledge and creates -> Value which Drives - Business Processes/IT Processes.

Question 46

Which dimension (s) deals specifically with the Process Reference Model?

a) The Capability Dimension
b) The Process Dimension
c) The Enabler Dimension
d) Both Process and Capability Dimensions

Answer 46

b) The Process Dimension

Question 47

Which item is a Service capability to deliver internal and external services?

a) Frameworks
b) Information
c) Intrinsic Goal
d) Contextual Goal

Answer 47

b) Information

Question 48

What does a ‘Lead Indicator’ measure?

a) If enabler goals are achieved
b) If stakeholder needs are addressed
c) If governance is managed
d) If good practices are applied

Answer 48

d) If good practices are applied
Lead indicators deal with the actual functioning of the enabler itself answering the questions: Is the enabler life cycle managed? and Are good practices applied?

Question 49

What is the specific information criteria called if it meets only the need of the information consumer?

a) Compliant
b) Believability
c) Ease of operation
d) Effective

Answer 49

d) Effective

Information is effective if it meets the needs of the information consumer who uses the information for a specific task.