Governance Systems and Components Flashcards

1
Q

In Cobit what are the highest two groupings of components ?

A
  • Governance - Those components that fall into the remit of a governance body
  • Management - Those components that are the remit of management to implement
2
Q

What are domains within Cobit ?

A

A broad categorisation of components

3
Q

What are the four management domains for Cobit components ?

A
  1. Align, Plan and Organise (APO)
  2. Build, Acquire and Implement (BAI)
  3. Deliver, Service and Support (DSS)
  4. Monitor, Evaluate and Assess (MEA)
4
Q

What is the only governance domain ?

A

Evaluate, Direct and Monitor

5
Q

Why in COBIT are the Organisational structures important ?

A

Because they are the delivery mechanism of the Cobit Components

6
Q

What is the board in the Cobit Organisational Structure ?

A

A group of senior executive and non-executive directors accountable for governance and overall control of enterprise resources

7
Q

What is the role of the Executive committee in Cobit ?

A

A committee appointed by the board to ensure that the board is involved in, or notified of, major decisions

8
Q

What is the role of the Chief Executive Officer ?

A

Highest ranking officer charged with the total management of the enterprise

9
Q

What is the role of the Chief Financial Officer ?

A

Most senior officer responsible for all aspects of financial management, including financial risk and controls and accurate accounts

10
Q

What is the role of the Chief Operating Officer ?

A

Most senior person responsible for the operations of the enterprise

11
Q

What is the role of the Chief Risk Officer ?

A

Most senior official responsible for all risk management across the enterprise

12
Q

What is the role of the Chief Information Officer ?

A

Most senior officer responsible for aligning business and IT, and for planning, resourcing and managing the delivery of I & T services and solutions

13
Q

What is the role of the Chief Technical Officer ?

A

Most senior officer responsible for the technical aspects of IT; this role can be absorbed by the Chief Information Officer role

14
Q

What is the role of the Chief Digital Officer ?

A

Most senior person responsible for the digital aspects of the company; this role may be performed by the CIO

15
Q

What is the I & T Governance board ?

A

A group of stakeholders responsible for guiding I & T activities within the organisation

16
Q

What is the role of the Architecture board ?

A

Responsible for setting architecture and standards

17
Q

What is the main responsibility of the Architecture board ?

A

Responsible for setting architecture and standards

18
Q

What is the role of the Enterprise Risk Committee ?

A

Responsible for enterprise risk management and risk decisions

19
Q

What is the role of the Chief Information Security Officer ?

A

Responsible for all aspects of security management across the enterprise

20
Q

What is the role of the Business Process Owner ?

A

Responsible for driving business process execution, management, change and improvement

21
Q

What is the role of the portfolio manager ?

A

Manages projects and the portfolio, and the realisation of long-term objectives

22
Q

What is the role of the Steering Committee ?

A

Resource allocation, delivery of benefits and value, and management and monitoring of plans

23
Q

What is the role of the Program Manager ?

A

Guides a specific program, including its risk management and the articulation of its goals and objectives

24
Q

What is the role of a Project Manager ?

A

Responsible for guiding a particular project within a program in terms of activities and resources

25
What is the role of the Project Management Office ?
Supports program and project managers and gathers reporting information
26
What is the role of the Data Management Function ?
Responsible for managing data assets across the enterprise data life cycle, infrastructure and assets
27
What is the role of a Relationship Manager ?
Responsible for interface communications between I & T, the business and external parties
28
What is the role of Head of IT Operations ?
Accountable for IT infrastructure, operations and environments
29
What is the role of Head of IT Administration ?
Responsible for maintaining IT records
30
What is the role of the Service Manager ?
Manages the implementation, development and evaluation of new and existing services and products
31
What is the role of Information Security Manager ?
Manages the implementation, evaluation and ongoing maintenance of the enterprise's information security
32
What is the role of the business continuity manager ?
Manages processes and resources that ensure critical functions can continue to operate during disruptive events
33
What is the role of the privacy officer ?
Monitors the impact of business and privacy requirements and compliance with them
34
What is the role of legal counsel ?
Provides guidance on legal and regulatory matters
35
Who manages guidance for external compliance ?
Compliance
36
What is the role for audit ?
Responsible for internal audits
37
What is a design factor ?
Design Factors are influences on the design of a governance system.
38
In the Design Factor Enterprise Strategy what are the four main archetypes ?
1. Growth/Acquisition - Focus is on growth and acquisition
2. Innovation/Differentiation - Focus on different and innovative products
3. Cost Leadership - Short-term focus on cost minimisation
4. Client Service/Stability - Provision of a stable and client-orientated service
39
Can an Enterprise have more than one strategy ?
Yes, it can have a primary and a secondary strategy
40
What are enterprise goals design factors ?
Goals that are strategy-specific; for example, some goals are more aligned with the cost minimisation strategy
41
Give four examples of Financial Enterprise Goals ?
1. Portfolio of Competitive Products and Services
2. Manage Business Risk
3. Compliance with External Laws and Regulations
4. Quality of Financial Information
42
Give three examples of customer-oriented enterprise goals ?
1. Customer-Oriented Service Culture
2. Business Service and Continuity
3. Quality of Management Information
43
Give four examples of Internal Enterprise Goals ?
1. Optimisation of Internal Business Processes
2. Staff Skill, Motivation and Productivity
3. Compliance with Internal Policies
4. Optimisation of Internal Business Processes
44
Give two examples of growth-focused Enterprise Goals ?
1. Manage Digital Information Programs
2. Product and Business Innovations
45
What is the risk profile design factor ?
An understanding of those areas where the risk appetite is being exceeded and where the enterprise is exposed
46
What is the threat profile design factor ?
The threat landscape under which the enterprise operates:
Normal - Normal threat landscape
High - Due to its geopolitical situation, industry sector or particular profile, the enterprise is operating in a high-level threat profile
47
What are the three levels of the compliance design factor ?
Low, Normal and High
48
What are the four levels within the role of IT design factor ?
There are four types in COBIT:
1. Support - IT is not crucial for the running or innovation of the business
2. Factory - IT is not seen as a driver for business processes or services, though failure is marked
3. Turnaround - IT is a driver for business processes and services, but there is not a critical dependency on IT for business continuity
4. Strategic - IT is critical for both running and innovation
49
In the sourcing design factor what are the four options ?
1. Cloud
2. Outsourcing
3. Insourced
4. Hybrid
50
What are the four methods under the implementation design factor ?
1. Agile
2. DevOps
3. Traditional
4. Hybrid
51
What are the three types of technology adopter design factor ?
1. First Mover
2. Follower
3. Slow Adopter
52
In the Enterprise Size design factor, what is considered a large enterprise ?
More than 250 employees
53
What in Cobit is the Goals cascade ?
It is how goals get interpreted by the next layer down: Stakeholder Needs → Enterprise Goals → Alignment Goals → Governance and Management Objectives
54
How does the goal cascade work ?
At each stage there is a mapping between the values of that stage and the values of the next stage, and you work your way down until you reach the practical implementation steps that need to be carried out
55
Describe EDM01: Ensure Governance Framework Setting and Maintenance
Provide a consistent approach, integrated and aligned with the enterprise governance approach. I & T related decisions are made in line with the enterprise's strategies and objectives. Processes are managed effectively, contractual requirements are met and the governance requirements of the board are met
56
Describe EDM02: Ensured Benefits delivery
Secure optimal value from I & T enabled initiatives, services and assets, cost-efficient delivery of services and solutions, and a reliable and accurate picture of costs and likely benefits, so that business needs are supported effectively and efficiently
57
Describe EDM03: Ensured Risk Optimisation
Ensure that I & T related enterprise risk does not exceed the enterprise's risk appetite and tolerance. The impact of I & T risk on enterprise value is identified and managed, and potential compliance failures are minimised.
58
Describe EDM04: Ensured Resource Optimisation
Ensure that the resource needs of the enterprise are met in an optimal manner, I & T costs are optimised, and there is an increased likelihood of benefit realisation and readiness for future change.
59
Describe EDM05: Ensure Stakeholder Engagement
Ensure that stakeholders are supportive of the I & T strategy and roadmap, that communication is effective and timely, and that the basis for reporting is established to increase performance. Identify areas of improvement and confirm that I & T related objectives and strategies are in line with the enterprise's overall strategy.
60
Describe APO01: Managed I & T Management Framework
Implement a consistent management approach for enterprise goals to be met, covering governance components such as management processes; organisational structures; roles and responsibilities; reliable and repeatable activities; information items; policies and procedures; skills and competencies; culture and behaviour; and services, infrastructure and applications.
61
Describe APO02: Managed Strategy
Support the Digital Transformation Strategy through incremental change. Enable change in all different areas of the organisation from channels and processes to data, culture, skills, operating model and incentives
62
Describe APO03: Managed Enterprise Architecture
Represent the different building blocks that make up the enterprise and their interrelationships, as well as the principles guiding their design over time, to enable standard, responsive and efficient delivery of operational and strategic initiatives.
63
Describe APO04: Managed Innovation
Achieve competitive advantage, business innovation, improved customer experience and operational effectiveness by exploiting I & T developments and emerging technologies.
64
Describe APO05: Managed Portfolio
Optimise the performance of the overall portfolio of programs in response to individual program, product and service performance and to changing enterprise priorities and demand
65
Describe APO06: Managed Budget and Costs
Provide transparency and accountability of the cost and business value of solutions and services, enabling informed decisions
66
Describe APO07: Managed Human Resources
Optimise human resources capabilities to meet enterprise objectives
67
Describe APO08: Managed Relationships
Enable the right relationships, knowledge, skills, behaviours and mutual trust to stimulate a productive relationship with business stakeholders
68
Describe APO10: Managed Vendors
Optimise available I & T capabilities to support the I & T strategy and road map, minimise the risk associated with non-compliant vendors, and ensure competitive pricing.
69
Describe APO09: Managed Service agreements
Ensure that I & T products, services and service levels meet current and future enterprise needs.
70
Describe APO14: Managed Data
Ensure the effective utilisation of the clinical data assets to achieve enterprise objectives
71
Describe APO10: Managed Vendors
Optimise available I & T capabilities to support I & T strategy and road map, minimise the risk with non compliant vendors and ensure competitive pricing.
72
Describe APO11: Managed Quality
Ensure consistent delivery of systems, solutions and services
73
Describe APO12: Managed Risk
Integrate I & T risk with overall enterprise risk and balance the costs and benefits of managing I & T risk against enterprise risk
74
Describe APO13: Managed Security
Manage the impact and occurrence of information security incidents within the Enterprise risk appetite
75
Describe BAI01: Managed Programs
Realise desired business value and reduce unexpected delays, costs and value erosion by improving communication to, and involvement of, business and users. Ensure the value and quality of program deliverables, follow up projects within programs, and maximise program contribution to the investment portfolio.
76
Describe BAI02: Managed Requirements Definition
Create optimal solutions that meet enterprise needs while minimising risk.
77
Describe BAI03: Managed Solution Identification and Build
Ensure agile and scalable delivery of digital products and services. Ensure timely and cost-effective solutions capable of supporting enterprise strategic objectives.
78
Describe BAI04: Managed Availability and Capacity.
Optimise service performance and availability by predicting future performance and capacity requirements.
79
Describe BAI05: Managed Organisational Change
Prepare and commit stakeholders for business change and reduce the risk of failure.
80
Describe BAI06: Managed IT Changes
Enable fast and reliable change to the business. Mitigate the risk of negatively impacting the stability or integrity of the changed environment.
81
Describe BAI07: Managed IT Change Acceptance and Transitioning
Implement solutions safely with the agreed expectations and outcomes.
82
Describe BAI08: Managed Knowledge
Provide knowledge and information needed to support staff
83
Describe BAI09: Managed assets
Account for all assets and optimise their use
84
Describe BAI10: Managed Configuration
Assess impacts from configuration change and ensure configuration maximises the use of the asset
85
Describe BAI11: Managed Projects
Realise defined project outcomes and reduce the risk of delays and increased costs. Ensure the value and quality of project deliverables.
86
Describe DSS01: Managed Operations
Deliver managed operational products and services.
87
Describe DSS02: Managed Service Requests and Incidents
Provide timely and effective response to user requests and resolution of all types of incidents. Restore normal service; record and fulfil user requests; and record, investigate, diagnose, escalate and resolve incidents.
Purpose: Achieve increased productivity and minimise disruptions through quick resolution of user queries and incidents. Assess the impact of changes and deal with service incidents. Resolve user requests and restore service in response to incidents.
88
Describe DSS03: Managed Problems
Identify and classify problems and their root causes. Provide timely resolution to prevent recurring incidents. Provide recommendations for improvements.
Purpose: Increase availability, improve service levels, reduce costs, and improve customer convenience and satisfaction by reducing the number of operational problems, and identify root causes as part of problem resolution.
89
Describe DSS04: Managed Continuity
Establish and maintain a plan to enable the business and IT organisations to respond to incidents and quickly adapt to disruptions. This will enable continued operation of critical business processes and required I & T services and maintain availability of resources, assets and information at a level acceptable to the enterprise.
Purpose: Adapt rapidly, continue business operations and maintain availability of resources and information at a level acceptable to the enterprise in the event of a significant disruption (e.g., threats, opportunities, demands).
90
Describe DSS05: Managed Security Services
Protect enterprise information to maintain the level of information security risk acceptable to the enterprise in accordance with the security policy.
Purpose: Minimise the business impact of operational information security vulnerabilities and incidents.
91
Describe DSS06: Managed Business Process Controls
Define and maintain appropriate business process controls to ensure that information related to and processed by in-house or outsourced business processes satisfies all relevant information control requirements. Identify the relevant information control requirements. Manage and operate adequate input, throughput and output controls (application controls) to ensure that information and information processing satisfy these requirements.
Purpose: Maintain information integrity and the security of information assets handled within business processes in the enterprise or its outsourced operation
92
Describe MEA04: Managed Assurance
Plan, scope and execute assurance initiatives to comply with internal requirements, laws, regulations and strategic objectives. Enable management to deliver adequate and sustainable assurance in the enterprise by performing independent assurance reviews and activities. Enable the organization to design and develop efficient and effective assurance initiatives, providing guidance on planning, scoping, executing and following up on assurance reviews, using a road map based on well-accepted assurance approaches.
93
Describe MEA03: Managed Compliance with External Requirements
Evaluate that I & T processes and I & T-supported business processes are compliant with laws, regulations and contractual requirements. Obtain assurance that the requirements have been identified and complied with; integrate IT compliance with overall enterprise compliance. Ensure that the enterprise is compliant with all applicable external requirements
94
Describe MEA02: Managed System of Internal Control
Continuously monitor and evaluate the control environment, including self-assessments and self-awareness. Enable management to identify control deficiencies and inefficiencies and to initiate improvement actions. Plan, organise and maintain standards for internal control assessment and process control effectiveness. Obtain transparency for key stakeholders on the adequacy of the system of internal controls and thus provide trust in operations, confidence in the achievement of enterprise objectives and an adequate understanding of residual risk.
95
Describe MEA01: Managed Performance and Conformance Monitoring
Collect, validate and evaluate enterprise and alignment goals and metrics. Monitor that processes and practices are performing against agreed performance and conformance goals and metrics. Provide reporting that is systematic and timely.