Governance & Management Flashcards
- Which question is valid to ask when establishing how to manage the enabler performance?
a) Are good practices applied?
b) Is security enabled?
c) Are operations efficient?
d) Is performance monitored?
a) Are good practices applied? (Lead)
The other 3 ?’s are:
Are stakeholder needs addressed? (Lag)
Are enabler goals achieved? (Lag)
Is life cycle managed? (Lead)
- What type of process goal is compliant with external rules?
a) Intrinsic
b) Business
c) Contextual
d) Accessibility and security
a) Intrinsic
- What is the Programme Management Phase in the Implementation Life Cycle called when practical solutions are supported by justifiable business cases?
a) Build improvements
b) Define road map
c) Plan programme
d) Initiate programme
c) Plan programme
- Which requirement was a major driver for developing the COBIT5 framework?
a) To encourage a common language throughout the enterprise to allow a better understanding of IT by stakeholders
b) To be generic and useful for enterprises of all sizes, whether commercial, not-for-profit or in the public sector
c) To provide further guidance in area with high interest, such as enterprise architecture
d) To enable enterprises to achieve operational excellence through the reliable and efficient application of technology
c) To provide further guidance in area with high interest, such as enterprise architecture
Other possible reasons:
. Provide a renewed and authoritative governance and management framework for enterprise information and related technology
. Integrate all other major ISACA frameworks and guidance
. Align with other major frameworks and standards
What is the name given to an enterprise communication mechanism for corporate values and desired behaviour?
a) Process outcomes
b) Organisational structures
c) Principles and policies
d) Rules and norms
c) Principles and policies
Which requirements describes ‘contextual quality’ in the Goals Enabler dimension?
a) Outcomes should be relevant and complete
b) Enablers are available when, and if, needed
c) Enablers provide accurate, objective and reputable results
d) Outcomes are secured
c) Enablers provide accurate, objective and reputable results
Which statement is correct about the three COBIT guides, (Process Assessment Model, Assessor Guide, Self-assessment Guide)?
a) The Process Assessment Model (PAM) is assessed by the Assessor Guide
b) The Program Assessment Model does NOT have any value without the Assessor Guide
c) The Self-Assessment Guide is the same as the Assessor Guide, but used internally in an organisation
d) The Self-Assessment Guide can be used to prepare for a formal Process Capability Assessment
d) The Self-Assessment Guide can be used to prepare for a formal Process Capability Assessment
Which element is a key component of the COBIT 5 Governance Approach?
a) Stakeholder Transparency
b) Evaluate, Direct and Monitor
c) Plan, Build, Run, and Monitor
d) Governance Scope
d) Governance Scope
Which activity is a good practice of operating principles within the organisation structure enabler?
a) Publishing a schedule of Board meetings in advance
b) Issuing the boundaries of the organisation structure’s decision rights
c) Defining the structure to delegate decision rights
d) Documenting the decisions which the structure is authorised to take
a) Publishing a schedule of Board meetings in advance
Operating principles are the practical arrangements regarding how the structure will operate, such as frequency of meetings, documentation and housekeeping rules
What is the purpose of the Goals Cascade?
a) Consider the Inputs and Outputs of an IT process in the enterprise
b) Defined and implement the Enterprise Architecture of an enterprise
c) Support alignment between enterprise needs and IT solutions and services
d) Support the definition of clear roles and responsibilities in an enterprise
c) Support alignment between enterprise needs and IT solutions and services
What is the purpose of the policies element within the principles, policies and frameworks model?
a) To be open and flexible
b) To specify consequences of failing to comply
c) To provide detailed guidance on how to put principles into practice
d) To express the core values of the enterprise
c) To provide detailed guidance on how to put principles into practice
Identify the missing word(s) in the following sentence. Process [?] is a process attribute for a Predictable process.
a) innovation
b) performance management
c) assessment
d) measurement
d) measurement
What do Processes produce as a result of their operation?
a) RACI charts
b) Cultural aspects
c) Service capabilities
d) Business goals
c) Service capabilities
Processes produce, and also require, service capabilities (infrastructure, applications, etc.)
What is the MOST suitable process domain for skills such as Portfolio Management?
a) Monitor, Evaluate and Assess (MEA)
b) Deliver, Service and Support (DSS)
c) Build, Acquire and Implement (BAI)
d) Align, Plan and Organise (APO)
d) Align, Plan and Organise (APO)
Other APO skill categories include:
IT policy formulation, IT strategy, Enterprise architecture, Innovation, Financial management, and Portfolio management.
Which enabler translates desired behaviour into practical guidance?
a) Culture, Ethics and Behaviour
b) Services, Infrastructure and Applications
c) Principles, Policies and Frameworks
d) People, Skills and Competencies
c) Principles, Policies and Frameworks
Which option is NOT a benefit to the enterprise of using the COBIT 5 framework?
a) COBIT 5 is first and foremost a ‘business framework’
b) COBIT 5 is a framework to be used mainly for IT Service management
c) COBIT 5 enables IT to be managed in a holistic manner
d) COBIT 5 encourages a common language throughout the enterprise
b) COBIT 5 is a framework to be used mainly for IT Service management
What role is the most senior official of the enterprise who is responsible for aligning IT and business strategies?
a) Business Executive
b) Head of Architecture
c) Chief Information Officer (CIO)
d) Chief Operating Officer (COO)
c) Chief Information Officer (CIO)
Which driver influences Stakeholder needs?
a) Good practices
b) Contextual quality
c) Lag indicators
d) Regulatory environment
d) Regulatory environment
Stakeholder needs are influenced by a number of drivers, e.g., strategy changes, a changing business and regulatory environment, and new technologies.
What is an important vehicle for executing policies?
a) Organisational structures
b) Process practices
c) Governance framework
d) Rules and norms
b) Process practices
Process practices and activities are the most important vehicle for executing policies.
What role is responsible for monitoring activities to achieve enterprise objectives in the Governance Approach?
a) Governing body
b) Operations
c) Stakeholders
d) Management
d) Management
What term is used to describe projects that are duplicated which may indicated a need for improved governance of enterprise IT?
a) Mergers and acquisitions
b) Pain points
c) Trigger events
d) IT risk
b) Pain points
Trigger events are changes in the environment
What is the purpose of the Process Reference Model?
a) To be the basis for the capability dimension which defines the rating method to conform to ISO15504
b) To be the basis for the process dimension which outlines the structure of the 37 COBIT processes
c) To be the basis for the process dimension which gives the specific process references on each capability level
d) To contain the generic attributes for the levels two, three, four and five
b) To be the basis for the process dimension which outlines the structure of the 37 COBIT processes
In what sequence would the following occur in the COBIT 5 Process Reference Model?
- Build
- Direct
- Plan
a) 2, 3, 1
b) 1, 2, 3
c) 2, 1, 3
d) 3,1, 2
a) 2, 3, 1
Direct, Plan, then Build
Identify the missing words in the following sentence. Enterprise Architecture is considered a skill category for the [?] Process Domain.
a) Evaluate, Direct and Monitor (EDM)
b) Build, Acquire and Implement (BAI)
c) Align, Plan and Organise (APO)
d) Monitor, Evaluate and Assess (MEA)
c) Align, Plan and Organise (APO)
What capability level is an established process?
a) Level 1
b) Level 2
c) Level 3
d) Level 4
c) Level 3 Levels are... 0 - incomplete process 1 - performed process 2 - managed process 3 - established process 4 - predictable process 5 - optimising process
What are IT-related outcomes, required to achieve enterprise goals, represented by?
a) IT-related goals
b) Enabler goals
c) IT balanced scorecard
d) Processes
a) IT-related goals
What is a collection of practices influenced by the enterprise’s policies and procedures that takes input form a number of sources, manipulates the inputs and produces outputs known as?
a) Framework
b) Policies
c) Enablers
d) Process
d) Process
A process is defined as ‘a collection of practices influenced by the enterprise’s policies and procedures that takes inputs from a number of sources (including other processes), manipulates the inputs and produces outputs (e.g., products, services)’.
What information layer contains the attributes for how the information is carried?
a) Social world
b) Semantic
c) Physical world
d) Empiric
c) Physical world
How is the Governance Objective of ‘Value Creation’ met?
a) By realising benefits
b) By optimising resources
c) By optimising risk
d) All of the above
d) All of the above
What is the purpose of the principles element within the principles, policies and frameworks model?
a) To be limited in number
b) To express the core values of the enterprise
c) To be open and flexible to ensure policies achieve the stated purpose
d) To provide a logical flow for staff who have to comply with them
b) To express the core values of the enterprise
Why is a process capability assessment performed?
a) To identify process improvement
b) To make a cost-benefit analysis of the process
c) To judge the quality of the people executing the process
d) To define the metrics of the process
a) To identify process improvement
What attribute describes information that is applicable and helpful?
a) Relevancy
b) Currency
c) Completeness
d) Ease of manipulation
a) Relevancy
What are stakeholder needs cascaded into?
a) IT-related goals
b) Enterprise goals
c) Process goals
d) Risk Optimisation goals
b) Enterprise goals
Which characteristic is necessary for a good policy?
a) Effective
b) Expresses the core values of the enterprise
c) Intrusive
d) Limited in number
a) Effective
What rating level must a process attain in order to pass an assessment?
a) F - Only Fully
b) P - Partially and or L - Largely
c) L - Largely and or F - Fully
d) P - Partially
c) L - Largely and or F - Fully
Which action is good practice to help encourage desired behaviour in an enterprise?
a) Publishing Operating Principles
b) Communicating Skill categories
c) Appointing Business champions
d) Publishing Delegation of Authority procedures
c) Appointing Business champions
Others include: Enterprise communication of desired behaviours and underlying corporate values, awareness of desired behaviour strengthened by the example behaviour exercised by Sr. Mgmt. and other champions
Which aspect relates to the COBIT 5 key principle ‘Applying a Single Integrated Framework’?
a) Aligns with the latest views on Governance
b) Provides a simple architecture
c) Translates Stakeholder needs into strategy
d) Defines the relationship between Governance and Management
b) Provides a simple architecture
Who is an internal stakeholder?
a) A customer
b) A business partner
c) A regulator
d) A business executive
d) A business executive
External stakeholders include customers, business partners, shareholders and regulators. Internal stakeholders include the board, management, staff and volunteers.
How are Generic Practices used in the Process Assessment Model (PAM)?
a) To assess processes from levels 2 to 5
b) To assess processes only at level 1
c) To asses process at all levels of the Capability Model
d) To assess processes only at level 6
a) To assess processes from levels 2 to 5
When designing an implementation plan for governance and management of IT, what is an environmental factor that should be taken into consideration?
a) Complex IT operating Models
b) Hidden and rogue IT spending
c) Applicable laws and regulations
d) External audit or consultant assessments
c) Applicable laws and regulations
Which attribute does NOT apply to a Process Activity?
a) Considers the input and outputs of the process
b) Supports establishment of clear roles and responsibilities
c) Describes a set of implementation steps to achieve a management practice
d) Provides statements of actions to deliver benefits
d) Provides statements of actions to deliver benefits
Identify the missing word in the following sentence. The responsibilities of Management include planning and monitoring activities in alignment with the direction set by the governance body to achieve the [?] objectives.
a) enabler
b) stakeholder
c) IT-related
d) enterprise
d) enterprise
What is the term used to describe the values by which the enterprise wants to operate?
a) Intrinsic quality
b) Organisational ethics
c) Individual ethics
d) Good practices
b) Organisational ethics
Which business tool is used to justify business investments?
a) Business objectives
b) Business case
c) Business policies
d) Process Capability model
b) Business case
Which statement is NOT a reason why COBIT 5 is an integrated framework?
a) It is complete in enterprise coverage
b) Provides a simple architecture
c) Has to be used with other standards
d) Operates with previous ISACA frameworks
c) Has to be used with other standards
Identify the missing words in the following sentence. Business processes transform knowledge in order to create [?] for an enterprise.
a) IT Processes
b) Information
c) The Enabler Dimension
d) Both the Process and Capability Dimensions
d) Both the Process and Capability Dimensions
Business processes generate and process data, transforming them into information and knowledge, and ultimately generating value for the enterprise.
Information cycle: Business Processes/IT Processes generate and Process -> Data and transform -> Information which transforms Knowledge and creates -> Value which Drives - Business Processes/IT Processes.
Which dimension (s) deals specifically with the Process Reference Model?
a) The Capability Dimension
b) The Process Dimension
c) The Enabler Dimension
d) Both Process and Capability Dimensions
b) The Process Dimension
Which item is a Service capability to deliver internal and external services?
a) Frameworks
b) Information
c) Intrinsic Goal
d) Contextual Goal
b) Information
What does a ‘Lead Indicator’ measure?
a) If enabler goals are achieved
b) If stakeholder needs are addressed
c) If governance is managed
d) If good practices are applied
d) If good practices are applied
Lead indicators deal with the actual functioning of the enabler itself answering the questions: Is the enabler life cycle managed? and Are good practices applied?
What is the specific information criteria called if it meets only the need of the information consumer?
a) Compliant
b) Believability
c) Ease of operation
d) Effective
d) Effective
Information is effective if it meets the needs of the information consumer who uses the information for a specific task.