Governance Systems and Components

Question 1

In Cobit what are the highest two groupings of components ?

Answer 1

• Governance - Those components that fall into the remit of a governance body
• Management - Those components that are the remit of management to implement

Question 2

What are domains within Cobit ?

Answer 2

A broad categorisation of components

Question 3

What are the four management domains for Cobit components ?

Answer 3

1. Align, Plan and Organise (APO)
2. Build, Acquire and Implement (BAI)
3. Deliver, Service and Support (DSS)
4. Monitor, Evaluate and Assess (MEA)

Question 4

What is the only governance domain ?

Answer 4

Evaluate, Direct and Monitor

Question 5

Why in COBIT are the Organisational structures important ?

Answer 5

Because they are the delivery mechanism of the Cobit Components

Question 6

What is the board in the Cobit Organisational Structure ?

Answer 6

It is a Group of senior executive and non executive directors accountable for governance and overall control of enterprise resources

Question 7

What is the role of the Executive committee in Cobit ?

Answer 7

A committee appointed by the board to ensure that the board is involved or notified of major decisions

Question 8

What is the role of the Chief Executive Officer ?

Answer 8

Highest ranking officer charged with the total management of the enterprise

Question 9

What is the role of the Chief Financial Officer

Answer 9

Most senior officer responsible for all aspects of financial management including financial risk and controls and accurate accounts

Question 10

Chief Operating Officer

Answer 10

Most senior person responsible for the operations of the enterprise

Question 11

What is the role of the Chief Risk Officer ?

Answer 11

Most senior official responsible for all risk management across enterprise

Question 12

What is the role of the Chief Information Officer ?

Answer 12

Most senior officer responsible for aligning business and IT responsible for planning and resourcing and managing delivery of I & T services and solutions

Question 13

What is the role of the Chief Technical Officer

Answer 13

Most senior officer responsible for technical aspects of IT can be absorbed by Chief Information Officer role

Question 14

What is the role of the Chief Digital Officer

Answer 14

Most senior person responsible for digital aspects of company may be done by CIO role

Question 15

What is I & T Governance board ?

Answer 15

Group of stakeholders responsible for guiding I & T activities within organisations

Question 16

What is the role of the Architecture board ?

Answer 16

Responsible for setting Architecture and Standards

Question 17

What is the main responsibility of the Architecture board ?

Answer 17

Responsible for setting Architecture and Standards

Question 18

What is the role of the Enterprise Risk Committee

Answer 18

Responsible for managing enterprise risk management and decisions

Question 19

What is the role of the Chief Information Security Officer ?

Answer 19

Responsible for all aspects of security management across enterprise

Question 20

What is the role of the Business Process Owner ?

Answer 20

Responsible for driving through business process execution, management and change and improvement

Question 21

What is the role of the portfolio manager ?

Answer 21

Managing projects and portfolio management and realisation of long term objectives

Question 22

What is the role of the Steering Committee

Answer 22

Resource allocation, delivery of benefits and value, management and monitoring of plans

Question 23

What is the role of the Program Manager

Answer 23

Guides a specific program, risk management articulation of goals and objectives

Question 24

What is the role of a Project Manager ?

Answer 24

Responsible for guiding a particular project within a program in terms of activities and resources

Question 25

What is the role of the Project Management Office ?

Answer 25

Supports program and project managers and gathers reporting information

Question 26

What is the role of the Data Management Function ?

Answer 26

Responsible for Data assets management across enterprise data life cycle infrastructure and assets

Question 27

What is the role of a Relationship Manager ?

Answer 27

Responsible for interface communications between I & T and business and external parties

Question 28

What is the role of Head of IT Operations ?

Answer 28

Accountable for IT infrastructure, operations and environments

Question 29

What is the role of Head of IT Administration ?

Answer 29

Responsible for maintaining IT records

Question 30

What is the role of the Service Manager ?

Answer 30

Manages the implementation, development and evaluation of new and existing services and products

Question 31

What is the role of Information Security Manager ?

Answer 31

Manages the implementation evaluation and ongoing maintenance of enterprises information security

Question 32

What is the role of the business continuity manager >

Answer 32

Manages processes and resources that ensure critical functions can continue to operate during disruptive events

Question 33

What is the role of the privacy officer ?

Answer 33

Monitor impact of business and privacy requirements and compliance with them

Question 34

What is the role of legal counsel

Answer 34

Guidance on legal and regulatory matters

Question 35

Who manages Manages guidance for external compliance

Answer 35

Compliance

Question 36

What is the role for audit

Answer 36

Responsible for internal audits

Question 37

What is a design factor ?

Answer 37

Design Factors are influences on the design of a governance system.

Question 38

In the Design Factor Enterprise Strategy what are the four main archetypes ?

Answer 38

1. Growth/Acquistion - Focus is on growth and acquisition
2. Innovation/Differentiation - Focus on different and innovative products
3. Cost Leadership - Short Term focus on cost minimisation
4. Client Service/Stability - Provision of a stable and client orientated service

Question 39

Can an Enterprise have more than one strategy ?

Answer 39

Yes it can have a primary and a secondary strategy

Question 40

What are enterprise goals design factors ?

Answer 40

Goals that are strategy specific so some goals are more aligned with the Cost minimisation strategy

Question 41

Give four examples of Financial Enterprise Goals ?

Answer 41

1. Portfolio of Competitive Products and Services
2. Manage Business Risk
3. Compliance with External Laws and Regulations
4. Quality of Financial Information

Question 42

Give three examples of customer oriented enterprise goals ?

Answer 42

1. Customer Oriented Service Culture
2. Business Service and Continuity
3. Quality of Management Information

Question 43

Give four examples of Internal Enterprise Goals ?

Answer 43

1. Optimisation of Internal Business Processes
2. Staff Skill Motivation and Productivity
3. Compliance with Internal Policies
4. Optimisation of Internal Business Processes

Question 44

Give two example of Growth focussed Enterprise Goals ?

Answer 44

1. Manage Digital Information Programs
2. Product and Business Innovations

Question 45

What is the risk profile design factor ?

Answer 45

An understanding of those areas where the risk appetite is being exceeded and where the enterprise is exposed

Question 46

What is the threat profile design factor ?

Answer 46

The landscape under which the enterprise operates

Normal - Normal threat landscape
High - Due to its geopolitical situation, industry sector or particular profile the enterprise is operating in a high level threat profile.

Question 47

What are the three levels of the compliance design factor ?

Answer 47

Low, Normal and High

Question 48

What are the four levels within the role of IT design factor ?

Answer 48

There are four types in COBIT

Support - IT is not crucial for the running or innovation of the business
Factory - IT is not seen as a driver for business process or services though failure is marked
Turnaround - IT is a driver for business process and services not a critical dependency on IT for business continuity
Strategic - IT is critical for both running and innovation

Question 49

In the sourcing design factor what are the four options ?

Answer 49

1. Cloud
2. Outsourcing
3. Insourced
4. Hybrid

Question 50

What are the four methods under implementation design factor

Answer 50

1. Agile
2. Devops
3. Traditional
4. Hybrid

Question 51

What are the three types of technology adopter design factor

Answer 51

1. First Mover
2. Follower
3. Slow Adopter

Question 52

In the Enterprise Size design factor what is considered a large enterprise

Answer 52

> 250 employeees

Question 53

What in Cobit is the Goals cascade ?

Answer 53

Its how goals get interpreted by the next layer down Stakeholder Needs → Enterprise Goals → Alignment Goals → Governance and Management Objectives

Question 54

How does the goal cascade work ?

Answer 54

At each stage there is a mapping between the value of that stage and values for the next stage and you work you way down until you get to the practical implementation steps that need to be carried out

Question 55

Describe EDM01: Ensure Governance Framework Setting and Maintenance

Answer 55

Provide a consistent approach integrated and aligned with the Enterprise Governance approach. I & T related decisions are made in line with the Enterprises strategies and objectives. Processes are managed effectively, contractual requirements are met and the governance requirements of the board are met

Question 56

Describe EDM02: Ensured Benefits delivery

Answer 56

Secure optimal value from I & T enabled initiatives, services and assets, cost efficient delivery of services and solutions and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently

Question 57

Describe EDM03: Ensured Risk Optimisation

Answer 57

Ensure the I & T related enterprise risk does not exceed the enterprises risk appetite and tolerance, The impact of I & T risk to enterprise value is identified and managed and the potential compliance failures are minimised.

Question 58

Describe EDM04: Ensured Resource Optimisation

Answer 58

Ensure that the resource needs of the Enterprise are met in an optimal manner, I & T costs are optimised and there is an increased liklihood of benefit realisation and readiness for future change.

Question 59

Describe EDM05: Ensure Stakeholder Engagement

Answer 59

Ensure that stakeholders are supportive of I & T strategy and roadmap communication is effective and timely and the basis for reporting is established to increase performance. Identify areas of improvement and confirm that I & T related objectives and strategies are in line with the Enterprises overall strategy.

Question 60

Describe AP01: Managed I & T Management Framework

Answer 60

Implement a consistent management approach for enterprise goals to be met, covering governance components such as management processes; Organizational structures; roles and responsibilities; reliable and repeatable activities; information items; policies and procedures; skills and competancies; culture and behaviour and services, infrastructure and applications.

Question 61

Describe APO2: Managed Strategy

Answer 61

Support the Digital Transformation Strategy through incremental change. Enable change in all different areas of the organisation from channels and processes to data, culture, skills, operating model and incentives

Question 62

Describe AP03: Managed Enterprise Architecture

Answer 62

Represent the different building blocks that make up the enterprise and interrelationships that make up the enterprise as well as the principles guiding the design over time, to enable a standard, responsive efficient delivery of operational and strategic initiatives.

Question 63

Describe AP04: Managed Innovation

Answer 63

Achieve competitive advantage, business innovation, improved customer experience and operational effectiveness by exploiting I & T developments and emerging technologies.

Question 64

Describe AP05: Managed Portfolio

Answer 64

Optimise the performance of the overall portfolio of programs in response to individual program, product, service performance and changing enterprise priorities and demand

Question 65

Describe AP06: Managed Budget and Costs

Answer 65

Provide transparency and accountability of cost and business value of solutions and services. Enabling informed decisions

Question 66

Describe APO7: Managed Human Resources

Answer 66

Optimise Human Resources capabilities to meet enterprise objectives

Question 67

Describe APO08:Manage Relationships

Answer 67

Enable the right relationships, knowledge skills and behaviours and mutual trust to stimulate a productive relationship between business stakeholders

Question 68

Describe APO10: Managed Vendors

Answer 68

Optimise available I & T capabilities to support I & T strategy and road map, minimise the risk with non compliant vendors and ensure competitive pricing.

Question 69

Describe APO09: Managed Service agreements

Answer 69

Ensure the I & T products and services and service levels meet current and future enterprise needs.

Question 70

Describe APO14: Managed Data

Answer 70

Ensure the effective utilisation of the clinical data assets to achieve enterprise objectives

Question 71

Describe APO10: Managed Vendors

Answer 71

Optimise available I & T capabilities to support I & T strategy and road map, minimise the risk with non compliant vendors and ensure competitive pricing.

Question 72

Describe APO11: Managed Quality

Answer 72

Ensure consistent delivery of systems, solutions and services

Question 73

Describe APO12: Managed Risk

Answer 73

Integrate I&T risk with overall enterprise risk and balance cost and benefits of I & T Risk with Enterprise risk

Question 74

Describe APO13: Managed Security

Answer 74

Manage the impact and occurrence of information security incidents within the Enterprise risk appetite

Question 75

Describe BAI01: Managed Programs

Answer 75

Realise desired business value and reduce unexpected delays, costs and value to erosion by improving communication to and involvement of business and users. Ensure the value and quality of program deliverables and follow up projects within programs and maximise program contribution to the investment portfolio.

Question 76

Describe BAI02: Managed Requirements Definition

Answer 76

Create optimal solutions that meet enterprise needs when minimising risk.

Question 77

Describe BAI03 Managed Solution Identification and Build

Answer 77

Ensure agile and scalable delivery of digital products and services. Ensure timely and cost effective solutions capable of supporting enterprise strategic objectives.

Question 78

Describe BAI04: Managed Availability and Capacity.

Answer 78

Optimise service performance and availability through future performance and capacity requirements predictions.

Question 79

Describe BA105: Managed Operational Change

Answer 79

Prepare and commit stakeholders for business change and reduce the risk of failure.

Question 80

Describe BAI06: Managed IT Changes

Answer 80

Enable fast and reliable change to the business. Mitigate the risk of negatively impacting the stability or integrity of the changed environment.

Question 81

Describe BAI07: Managed IT Change Acceptance and Transitioning

Answer 81

Implement solutions safely with the agreed expectations and outcomes.

Question 82

Describe BAI08: Managed Knowledge

Answer 82

Provide knowledge and information needed to support staff

Question 83

Describe BAI09: Managed assets

Answer 83

Account for all assets and optimise their use

Question 84

Describe BAI10: Managed Configuration

Answer 84

Assess impacts from configuration change and ensure configuration maximises the use of the asset

Question 85

Describe BAI11: Managed Projects

Answer 85

realise defined project outcomes and reduce the risk of delays and increased costs. Ensure value and quality of project deliverables.

Question 86

Describe DSS01 Managed Operations

Answer 86

Delivering managed operational products and services.

Question 87

Describe DSS02 Managed Service Requests and Incidents

Answer 87

Provide timely and effective response to user requests and resolution of all types of incidents. Restore normal service; record and fulfil user requests; and record, investigate, diagnose, escalate and resolve incidents

Purpose

Achieve increased productivity and minimize disruptions through quick resolution of user queries and incidents. Assess the impact of changes and deal with service incidents. Resolve user requests and restore service in response to incidents.

Question 88

Describe DSS03 Managed Problems

Answer 88

Identify and classify problems and their root causes. Provide timely resolution to prevent recurring incidents. Provide recommendations for improvements.

Purpose

Increase availability, improve service levels, reduce costs, improve customer convenience and satisfaction by reducing the number of operational problems, and identify root causes as part of problem resolution.

Question 89

Describe DSS04 Managed Continuity

Answer 89

Establish and maintain a plan to enable the business and IT organizations to respond to incidents and quickly adapt to disruptions. This will enable continued operations of critical business processes and required I&T services and maintain availability of resources, assets and information at a level acceptable to the enterprise.

Purpose

Adapt rapidly, continue business operations and maintain availability of resources and information at a level acceptable to the enterprise in the event of a significant disruption (e.g., threats, opportunities, demands).

Question 90

Describe DSS05 Managed Security Services

Answer 90

Protect enterprise information to maintain the level of information security risk acceptable to the enterprise in accordance with the security policy.

Purpose

Minimize the business impact of operational information security vulnerabilities and incidents.

Question 91

Describe DSS06 Managed Business Process Controls

Answer 91

Define and maintain appropriate business process controls to ensure that information related to and processed by in-house or outsourced business processes satisfies all relevant information control requirements. Identify the relevant information control requirements. Manage and operate adequate input, throughput and output controls (application controls) to ensure that information and information processing satisfy these requirements.

Purpose

Maintain information integrity and the security of information assets handled within business processes in the enterprise or its outsourced operation

Question 92

Describe MEA04: Managed Assurance

Answer 92

Plan, scope and execute assurance initiatives to comply with internal requirements, laws, regulations and strategic objectives. Enable management to deliver adequate and sustainable assurance in the enterprise by performing independent assurance reviews and activities.

Enable the organization to design and develop efficient and effective assurance initiatives, providing guidance on planning, scoping, executing and following up on assurance reviews, using a road map based on well-accepted assurance approaches.

Question 93

Describe MEA03: Managed Compliance with External Requirements

Answer 93

Evaluate that I&T processes and I&T-supported business processes are compliant with laws, regulations and contractual requirements. Obtain assurance that the requirements have been identified and complied with; integrate IT compliance with overall enterprise compliance.

Ensure that the enterprise is compliant with all applicable external requirements

Question 94

Describe MEA02: Managed System of Internal Control

Answer 94

Continuously monitor and evaluate the control environment, including self-assessments and self-awareness. Enable management to identify control deficiencies and inefficiencies and to initiate improvement actions. Plan, organize and maintain standards for internal control assessment and process control effectiveness.

Obtain transparency for key stakeholders on the adequacy of the system of internal controls and thus provide trust in operations, confidence in the achievement of enterprise objectives and an adequate understanding of residual risk.

Question 95

Describe MEA01 Managed Performance and Conformance Monitoring

Answer 95

Collect, validate and evaluate enterprise and alignment goals and metrics. Monitor that processes and practices are performing against agreed performance and conformance goals and metrics. Provide reporting that is systematic and timely.