test

Question 2

What is governance?

Answer 2

Set of policies, rules, and processes that organizations implement to ensure their activities align with their business goals

Success involves providing accountability, defining jobs and responsibilities, and evaluating employees based on results.

Question 3

What are the two focuses of IT management and IT governance?

Answer 3

IT management: present + internal focus; IT governance: future + external focus

Question 4

What is the ISO/IEC 38500:2015?

Answer 4

Governance is part of Corporate Governance

Question 5

Define risk management.

Answer 5

Identifying, evaluating, and managing various risks, including legal, financial, and security-related risks.

Question 6

What does a risk management system consist of?

Answer 6

Personnel + technologies + processes => enforce risk mitigation

Question 7

What is the success criterion of risk management?

Answer 7

Keeping stakeholders informed, considering legal, contractual, and business requirements.

Question 8

What framework provides guidelines for managing risks?

Answer 8

ISO 31000

Question 9

True or False: Risk management should be part of the decision-making process.

Answer 9

True

Question 10

What does digital trust refer to?

Answer 10

Confidence in the integrity of the relationships, interactions, and transactions among providers and consumers within a digital ecosystem.

Question 11

What are the key factors of digital trust?

Answer 11

• Quality
• Availability
• Security and privacy
• Ethics and integrity
• Transparency and honesty
• Resiliency

Question 12

What is the GRC capability model?

Answer 12

Integrates risk, governance, audit, ethics/culture, IT, and compliance.

Question 13

List the four components of the GRC Capability Model.

Answer 13

• Learn
• Align
• Perform
• Review

Question 14

Define principled performance.

Answer 14

Reliably achieve objectives, address uncertainty, and act with integrity.

Question 15

What is the purpose of assurance in governance?

Answer 15

Provides reliability and confidence to management, the governing authority, and other stakeholders.

Question 16

What are the dimensions to assess ‘total performance’?

Answer 16

• Effectiveness
• Efficiency
• Agility
• Resilience

Question 17

What is the goal of Open Compliance and Ethics Groups (OCEG)?

Answer 17

To help solve problems using an interdisciplinary approach.

Question 18

What are the six principles for a governance system?

Answer 18

• Provide Stakeholder Value
• Holistic Approach
• Dynamic Governance System
• Governance Distinct from Management
• Tailored to Enterprise Needs
• End-to-end Governance System

Question 19

What is the COBIT framework?

Answer 19

Provides guiding principles for directors on the effective, efficient, and acceptable use of IT within their organizations.

Question 20

What are the two perspectives in governance and management?

Answer 20

• Governance: board level, external, future-oriented
• Management: executive level, internal, present-oriented

Question 21

What is the overall goal of the COBIT framework?

Answer 21

Enterprise goals have been consolidated, reduced, updated, and clarified.

Question 22

Fill in the blank: The purpose of process EDM01 is to __________.

Answer 22

Evaluate, direct, and monitor the governance system to ensure effectiveness, transparency, and alignment with business strategy.

Question 23

What are the key activities in the process EDM01?

Answer 23

• Evaluate stakeholder needs
• Direct governance principles to leadership
• Monitor governance performance

Question 24

What are the risks associated with AI?

Answer 24

• Misbehavior of AI
• Bias
• Abuse of AI systems
• Black box algorithms

Question 25

What is Explainable AI (XAI)?

Answer 25

Makes AI systems more transparent by providing clear explanations of their decisions.

Question 26

What does the EU AI Act classify AI systems into?

Answer 26

* Unacceptable risk * High risk * Limited risk * Low risk

Question 27

What is the significance of digital trust in today's business environment?

Answer 27

Essential for digital-first businesses and impacts stakeholder perceptions, brand reputation, and operational resilience.

Question 28

What are the four risk categories defined by the EU AI Act?

Answer 28

1. Minimal risk 2. Limited risk 3. High risk 4. Unacceptable risk ## Footnote The EU AI Act classifies AI systems into these four categories based on their potential impact.

Question 29

What is the main goal of Explainable AI (XAI)?

Answer 29

To make AI black box algorithms understandable for human users ## Footnote XAI aims to increase transparency in AI systems.

Question 30

What does the EU Digital Strategy focus on?

Answer 30

Technology in the interest of humanity, a democratic and sustainable society, and a fair and competitive economy ## Footnote This strategy emphasizes the ethical use of technology.

Question 31

How is trust defined in the context of psychology?

Answer 31

As a bridge between a trustor and a trustee, aimed at reducing complexity and includes a willingness to take risks ## Footnote This definition highlights the relational aspect of trust.

Question 32

What is the purpose of the Digital Trust Radar (DTR)?

Answer 32

To filter and access specific guidelines on responsible and trustworthy AI ## Footnote The DTR serves as a tool for evaluating AI trustworthiness.

Question 33

What is data privacy designed to protect?

Answer 33

Our personality and fundamental rights ## Footnote Data privacy is essential for maintaining democratic principles.

Question 34

What constitutes personal data under data protection laws?

Answer 34

Data relating to an identified or identifiable natural person ## Footnote This includes any information that can directly or indirectly identify an individual.

Question 35

What must consent for data processing be?

Answer 35

Voluntary and explicit ## Footnote Consent is a key requirement for lawful data processing.

Question 36

What is a Data Protection Impact Assessment (DPIA)?

Answer 36

A tool for self-evaluation on data processing risks ## Footnote DPIA helps organizations identify and mitigate risks associated with data processing.

Question 37

What does the GDPR regulate?

Answer 37

The processing and using of Personal Data of European citizens ## Footnote GDPR is a comprehensive data protection regulation in the EU.

Question 38

What is the core principle of GDPR?

Answer 38

Data protection by design and by default ## Footnote This principle ensures privacy is integrated into data processing systems.

Question 39

What is an internal audit?

Answer 39

An audit performed by employees of the organization ## Footnote Internal audits help organizations review their processes and compliance.

Question 40

What type of audits focuses on operational efficiency?

Answer 40

Operational audits ## Footnote These audits assess how well an organization is achieving its operational goals.

Question 41

What is the purpose of compliance audits?

Answer 41

To ensure regulatory conformity ## Footnote Compliance audits verify that organizations adhere to laws and regulations.

Question 42

What are the three types of controls in auditing?

Answer 42

1. Preventive control 2. Detective control 3. Corrective control ## Footnote Each type serves a different function in managing risks.

Question 43

What must companies processing personal data systematically nominate?

Answer 43

A Data Protection Officer (DPO) ## Footnote The DPO is responsible for overseeing data protection strategy and compliance.

Question 44

What are the 5Cs used for in auditing findings?

Answer 44

1. Criteria 2. Condition 3. Cause 4. Consequence 5. Corrective Action Plans ## Footnote The 5Cs framework helps auditors structure their findings.

Question 45

What is the primary role of an auditor?

Answer 45

To provide assurance regarding organizational goals and regulatory compliance ## Footnote Auditors assess whether operations meet established standards.

Question 46

Fill in the blank: Data protection is about data relating to an _______.

Answer 46

[identified or identifiable natural person]

Question 47

True or False: Data processing activities must be documented according to GDPR.

Answer 47

True ## Footnote Documentation is essential for transparency and compliance.

Question 48

What is the significance of a risk-based approach in auditing?

Answer 48

To prioritize what can go wrong and address those risks ## Footnote This approach enhances the effectiveness of the audit.

Question 49

What is the role of communication in the auditing process?

Answer 49

To ensure stakeholders are informed and understand audit results ## Footnote Effective communication facilitates transparency and follow-up actions.