COBIT 4.

1
Certification for Cobit Foundation
Ulisses Giovanini
 COBIT Foundation
Prova
Processo
Introdução a Governança
Introdução a Governança de TI
Introdução ao COBIT
Escopo
Princípios
Componentes
 COBIT - Prova
COBIT Foundation
Pré-requisito : Nenhum
Prova : 40 questões de múltipla escolha – Online
Duração : Uma hora
Aprovação : 70% (28 questões) ou mais
Provedor : http://cobitcampus.isaca.org
Investimento : Depende da instituição – média R$ 450,00

ITIL Foundation
Pré-requisito : Nenhum
Prova : 40 questões de múltipla escolha – Online
Aprovação : 65% (26 questões) ou mais
Duração : Uma hora
Provedor : VUE ou Prometric
Investimento : US$ 150.00
 COBIT - Processo
Todos os componentes que compõe a empresa (recursos +
fluxo de trabalho + produtos) devem estar integrados para
que juntos sejam capazes de suportar os objetivos
estratégicos.

É um conjunto de atividades definidas que combinam

recursos e capacidades para realizar um objetivo específico,
e que direta ou indiretamente cria valor para o cliente (ITIL).

Processo -> orientado ao negócio

Qualidade: PDCA

Ativo de Serviço: Recursos + Competências + Processos

 COBIT - Processo
Entradas Controles

Evento
Processamento e atividades Saídas

Recursos Competências
 COBIT - Governança
Governança corporativa é o conjunto de práticas
que tem por finalidade otimizar o desempenho de
uma companhia ao proteger todas as partes
interessadas, tais como investidores, empregados
e credores, facilitando o acesso ao capital.

Envolve, principalmente:
 Transparência,
 Eqüidade de tratamento dos acionistas
 Prestação de contas
 COBIT – Governança
Investidores
 Auxilia na decisão de investimento
 Melhora o poder de influência no desempenho da CIA

Objetivo
 Aumento do valor da companhia
 Redução de seu custo de capital
 Reconhecimento sobre o retorno dos investimentos
 Aumenta a viabilidade do mercado de capitais
 Redução de riscos (apropriação indevida)
 Proteção contra desvios de ativos
 COBIT – Governança de TI
Evolução

 Atua como um provedor de tecnologia ajudando o

negócio a realizar suas atividades de forma mais
eficiente desde o seu surgimento.

 Mudança de papel: Provedor de Tecnologia para um

Parceiro Estratégico

Cria valor para o negócio

Gera novas oportunidades de negócios
Integrada ao processos do ciclo de vida do negócio
Melhora a qualidade do serviço e agilidade no negócio
COBIT – Governança – Desafios de TI
Manter os serviços de TI disponíveis

Gerar valor nos projetos de TI

Redução de Custos e Riscos

Gerenciamento das complexidades de TI

Alinhamento da TI com as estratégias de negócio

Conformidade com normas regulatórias (externas)

Manter segurança sobre as informações

 COBIT - Governança
Governança de TI, é a responsabilidade de executivos e acionistas
(representado pelo conselho de administração). Consiste na liderança,
estrutura organizacional e processos que asseguram que a organização
sustenta e estende as estratégias e objetivos da organização.

Aceitação
 Melhores práticas
 Referência mundial

Benefícios
 Melhoria continua dos processos
 Mitigar Riscos
 Confiança da alta administração
 Pró-atividade de TI para o negócio
 Maior retorno de investimento
 Mais confiança nos serviços
 Maior transparência
 COBIT – Governança de TI
Incorporada a Governança Corporativa e pelo grande avanço da Tecnologia da
Informação no mundo dos negócios, as empresas se tornaram dependentes e com
enormes dificuldades em administrar a complexa estrutura da Tecnologia da Informação,
mais especificamente em direcioná-la em conformidade para a sustentação dos negócios
empresariais (Cobit 4.1, “BUSINESS GOALS AND IT GOALS”).

COBIT - “Control Objectives for Information and related Technology ”

Criada pelo “Information System Audit and Control Association ” ISACA

Função de ser uma estrutura modelo que fornece as melhores práticas para a Governança
da Tecnologia da Informação:
 Estruturados de uma forma gerenciável e lógica
 Atendendo as várias necessidades da estratégia corporativa
 Mitigando os riscos
 Absorvendo os assuntos técnicos
 Necessidades de controle e métricas de desempenho

Utilizando o sistema de pontuação para nivelar o grau de maturidade da governança da

empresa e com base neste, definir a evolução dos processos da organização, ITGI
 COBIT – Governança de TI
Quatro tipos de estrutura de decisões na organização

 Monarquia de Negócios

 Monarquia de TI

 Feudalismo

 Federalismo

 Duopólio
 COBIT – Governança de TI
Princípios da Governança de TI
 Direcionamento e Controle
 Responsabilidade (Nível de Controle)
 Prestação de Contas (Accountability)
 Alinhamento (conformidade Requisitos de Negócios)

Partes Interessadas – Stakeholders

 Externos
 Internos

Escopo da Governança de TI
 Alinhamento Estratégico
Plano de Ação
Benefícios: Valor, Otimização e Capacitação na Gestão)
 Entrega de Valor
Benefícios prometidos a um custo razoável
 Gestão de Risco
Plano: Apetite, Impacto X Probabilidade, Ações)
Ação: Mitigar, Transferência, Aceitação e Prevenção
 Gestão de Recursos
Capacidade de implementar a estratégia de TI a um custo razoável
Capacitação, Otimização de Custos e Tercerização
Humano > $$$
Entendimento da Estratégia para elaboração do Plano
 Gestão do Desempenho
Balanced ScoredCard
Indicadores definidos e acordados
 COBIT – Governança de TI - Princípios

Princípios da Governança de TI

 Direcionamento e Controle
o Fornece a Direção para implementar uma mudança
o Garante que o objetivo é atingido e agendas não desejáveis ocorram

 Responsabilidade
o Atribuir o nível adequado de controle
o Controle interno é de responsabilidade de todos e deve ser parte
implícita ou explicita de suas atribuições

 Prestação de Contas (Accountability)

o Responsabilidade de todos em prestar contas, reportar ou explicar suas
ações sobre o uso dos recursos disponibilizados

 Alinhamento
o Tecnologia da Informação é um fator crítico de sucesso para a
organização
 COBIT – Governança de TI - Escopo
Escopo da Governança de TI

Alinhamento Estratégico
o Meta Benefícios
o Definição dos objetivos Gerar valor para cia
o Estratégias para atingir os objetivos propostos Recursos otimizados
o Plano de ação para implementar as estratégias Gestão eficiente e eficaz

Entrega de Valor
o Entregar os benefícios prometidos a um custo razoável

Gestão de Risco
o Grau de risco
o Impacto e probabilidade de um risco.
o Plano de ação
Mitigação Transferência
Aceitação Prevenção

Gestão de Recursos
o Garantir que os recursos sejam capazes de entregar a estratégia de TI e ao mesmo tempo
otimizar os custos
Garantir que capacitações
Otimização de custos
Terceirização

Gestão do Desempenho
o indicadores efetivos devem ser definidos e aprovados pelas partes interessadas
Financeiro Clientes
Processos Aprendizado e Crescimento
 COBIT - Componentes
Requisitos de Negócio
Critérios da Informação
Recursos de TI
Processo de TI

Recursos de TI

Requerimentos Informação
de Negócio (Critérios)
Processos de TI
COBIT - Requerimentos de uma Estrutura de Controle

Fornecer Estreito Foco no Negócio

 Alcança o estreito foco no negócio ao alinhar TI com os

objetivos de negócio

Garantir Orientação por Processos

 Processos definem metas e responsabilidades e permitem a

empresa manter controle sobre níveis de serviços

Possuir Aceitação entre as Empresas

 Padrão mundialmente comprovado e aceito

Auxiliar o Cumprimento de Regulamentações Externas

 Guia de controles de TI a serem demonstrados para os órgãos

regulatórios

Definir uma Linguagem Comum

 Ajuda a por todos na mesma página ao definir termos e

glossários
 COBIT - Domínios
Planejamento e Organização
 Identificar maneiras nas quais o TI pode contribuir para o atingimento dos
objetivos de negócio.
 Foco é garantir a correta organização e governança
 PO10 Gerenciar Projetos

Aquisição e Implementação
 As soluções de TI precisam ser identificadas, desenvolvidas ou adquiridas e
implementadas e integradas com os processos de negócio.
 Cobre as mudanças dos sistemas (novos ou existentes) para garantir que eles
operem sem interrupções

Entrega e Suporte
 Operações rotineiras, segurança, continuidade e treinamento
 DS1 Definir e Gerenciar Níveis de Serviço
 DS2 Gerenciar Serviços de Terceiros
 DS4 Garantir Continuidade de Serviços
 DS5 Garantir Segurança dos Sistemas
 DS11 Gerenciar Dados
 DS13 Gerenciar Operações

Monitoração e Avaliação
 Avaliar regularmente os processos de TI quanto às questões de qualidade e
cumprimento com requerimentos de controle e endereçar o processo de controle
da empresa
 COBIT - Domínios
CobiT possui:
 4 - Domínios de Processos
 34 - Processos de Alto Nível – High Level Control Objective - Processos
 214 - Processos Detalhados – Práticas de Controle

Objetivo de Controle Detalhado

 Sustenta o objetivo de um Processo
 resultado desejado de uma proposta a ser atingido em uma determinada atividade do
processo
 Relacionado aos mínimos controles requeridos no processo

Práticas de Controle (Control Practices)

 Utilizado para implementar o Objetivo de Controle Detalhado
 Fornecem o “como” e “porque” utilizar o objetivo de controle detalhado
 COBIT - Panorama
Pesquisa realizada pelo itSMF Brasil com 200 grandes companhias brasileiras:

85% dessas empresas investem em modelos de Governança de TI, há três anos o

índice era de apenas 18%
20% ITIL
13% processo de certificação ISO 20.000
16% adoção do Cobit
11% Balanced Scorecard
06% CMM
06% PMI
44% Participam de eventos e seminários sobre o assunto
84% Serviços de treinamento para adoção às melhores práticas
30% Livros e sites como fonte de pesquisa

O estudo foi realizado com CIOs, diretores e gerentes de TI das empresas que
participaram da quinta edição do itSMF Brasil Conference. Fazem parte da lista
órgãos públicos, grandes indústrias, empresas da área de telecomunicações,
bancos e seguradoras. "A pesquisa mostra que nosso mercado reconhece a
necessidade de investir em disciplinas de Governança de TI e, dentro deste
universo, adota uma visão multidisciplinar, com a convivência, dentro de uma
mesma companhia, de diversos frameworks de Best Practices", diz Geraldo Coen,
presidente do itSMF Brasil. (www.itsmf.com.br/itsmf/site/primeira.asp)
 COBIT - Relacionados
MOF no TechNet www.microsoft.com/brasil/technet/itsolutions/cits/mo/mof/default.mspx
MSF no TechNet www.microsoft.com/technet/solutionaccelerators/msf/default.mspx
COBIT www.isaca.org/cobit.htm
CMM www.sei.cmu.edu/cmm/cmm.html
EFQM www.efqm.org/new_website
Six Sigma www.ge.com/sixsigma
Deming www.deming.org
British Standards www.bsi.org.uk
Institution
The Balanced www.balancedscorecard.org/basics/bsc1,html
Scoredcard
ITIL www.itil.co.uk
OGC www.ogc.gov.uk
EXIN www.exin-exams.com
ISEB www.bcs.org.uk
Outros www.itilcollege.com
www.itsm-learning.com
www.itilsurvival.com
www.itil-itsm-world.com
www.itsmdirect.com
 Aplicação - COBIT
Domínios

Processos
Objetivos das Eficiência &
Atividades Eficacia Controlado por

Objetivos de
Controle
Indicadores de
Performance
Medidos por

Implementado por Práticas de

Indicadores de
Controle
Resultados

Controlado e Auditados por Diretivas de

Modelos de
Auditoria
Maturidade
 COBIT - COSO
O COSO (Committee of Sponsoring Organizations of the Treadway Commission) é uma
organização privada criada nos EUA em 1985 para prevenir e evitar fraudes nas
demonstrações contábeis da empresa.

Inicialmente criada como National Commission on Fraudulent Financial Reporting (em

português: Comissão Nacional sobre Fraudes em Relatórios Financeiros), essa comissão era
formada por representantes das principais associações de classes de profissionis ligados a
área financeira. O primeiro objeto de estudo da comissão foram os controles internos da
empresas. Essa comissão posteriomente tournou-se um comitê e passou a se chamar COSO
- Committee of Sponsoring Organizations of the Treadway Commission (em português:
Comitê das Organizações patrocinadas).

O COSO é uma organização sem fins lucrativos, dedicada a melhoria dos relatórios
financeiros, sobretudo pela aplicação da ética e efetividade na aplicação e cumprimento dos
controles internos e é patrocinado pela cinco das principais associações de classe de
profissionais ligados à area financeira nos EUA.

Em decorrência da globalização e padronização internacional das técnicas de auditoria, as

recomendações da COSO, relativas ao controles internos, bem como seu cumprimento e
observância, são amplamente praticados e tidos como modelo e referência no Brasil e na
maioria dos paises do mundo.

http://pt.wikipedia.org/wiki/COSO
 COBIT - Sarbanes-Oxley - SOX
Sarbanes-Oxley Act ou Lei Sarbanes-Oxley é uma lei estadunidense assinada em 30 de julho de 2002 pelo senador Paul
Sarbanes (Democrata de Maryland) e pelo deputado Michael Oxley (Republicano de Ohio).

Motivada por escândalos financeiros coorporativos (dentre eles o da Enron, que acabou por afetar drasticamente a empresa
de auditoria Arthur Andersen), essa lei foi redigida com o objetivo de evitar o esvaziamento dos investimentos financeiros
e a fuga dos investidores causada pela aparente insegurança a respeito da governança adequada das empresas.

A lei Sarbanes-Oxley, como foi chamada, foi apelidada carinhosamente de Sarbox ou ainda de SOX. Seu conjunto busca
garantir a criação de mecanismos de auditoria e segurança confiáveis nas empresas, incluindo ainda regras para a
criação de comitês e comissões encarregados de supervisionar suas atividades e operações de modo a mitigar riscos
aos negócios, evitar a ocorrência de fraudes ou ter meios de identificar quando elas ocorrem, garantindo a transparencia
na gestão das empresas.

Atualmente grandes empresas com operações financeiras no exterior seguem a lei Sarbanes-Oxley.

A lei Sarbannes-Oxley afeta dezenas de empresas brasileiras que mantém ADRs (American Depositary Receipts) negociadas
na NYSE, como a Petrobrás, a Companhia Brasileira de Distribuição (Grupo Pão de Açúcar) e a Telemig Celular.

Requerimentos da lei
Controlar a criação, edição e versionamento dos documentos em um ambiente de acordo com os padrões ISO, para controle
de todos os documentos relativos à seção 404;
Cadastrar os riscos associados aos processos de negócios e armazenar os desenhos de processo;
Utilizar ferramentas como editor de texto e planilha eletrônica para criação e alteração dos documentos da seção 404;
Publicar em múltipos websites os conteúdos da seção 404;
Gerenciar todos os documentos controlando seus períodos de retenção e distribuição;
Digitalizar e armazenar todos os documentos que estejam em papel, ligados à seção 404.

Seção 404
A seção 404 determina uma avaliação anual dos controles e procedimentos internos para emissão de relatórios financeiros.
Além disso, o auditor independente da companhia deve emitir um relatório distinto que ateste a asserção da
administração sobre a eficácia dos controles internos e dos procedimentos executados para a emissão dos relatórios
financeiros.

http://pt.wikipedia.org/wiki/Sarbanes-Oxley
 COBIT - Benchmarking
O Benchmarking é um processo sistemático e contínuo de avaliação dos
produtos, serviços e processos de trabalho de organizações que são
reconhecidas como representantes das melhores práticas, com a
finalidade de introduzir melhorias na organização.

Ser o melhor entre os melhores. Em outras palavras é olhar para a

concorrência e "copiar o que está dando certo" - adotar as melhores
práticas

Benchmarking não é um método aleatório de recolher informação, mas

trata-se de um processo sistemático estruturado etapa a etapa, com o
objetivo de avaliar os métodos de trabalho no mercado.

Os outputs deste processo proporcionam às empresas comparar os

seus produtos, serviços e métodos de trabalho com os das organizações
representantes das melhores práticas

http://pt.wikipedia.org/wiki/Benchmark_%28computa%C3%A7%C3%A3o%29
 COBIT – KPI - KGI
KGI - Key Goal Indicators
 Métricas predefinidas que indicam se um processo de TI alcança o
seu propósito
 Se um processo alcançou seu objetivo de satisfazer um
requerimento de negócio

KPI -Key Performance Indicators

 Medidas que determinam quão bem o processo está
desempenhando para viabilizar o atingimento do objetivo do
processo.
 Eles influenciam positivamente o resultado de um processo
 São indicadores utilizados para medir o progresso em direção aos
objetivos. Eles medem os objetivos das atividades, que são as ações
que o dono do processo deve tomar para alcançar o desempenho
efetivo do processo.
 Geralmente são indicadores curtos, focados e mensuráveis
 COBIT – KPI - KGI
Medida seria cinco centímetros: identificam quantos múltiplos ou frações do padrão estão sendo considerados.
O centímetro é o padrão, uma pessoa medindo alguma coisa nos Estados Unidos vai obter a mesma medida que
uma pessoa na Europa.

Métrica seria, por exemplo: houve apenas dois erros descobertos pelo usuário nos primeiros 18 meses de
operação.
Isto dá mais informação significativa do que dizer que o sistema entregue é de excelente qualidade.

Indicador é um indicador é alguma coisa que chama a atenção de uma pessoa para uma situação específica.
Ativação de um detector de fumaça na sua casa;
Aumento substancial no número de defeitos encontrados na versão mais recente do código.

Segundo o padrão sugerido pelo IEEE

Medir / Medida
Avaliar, comparando com um padrão. Um padrão ou unidade de mensuração: a extensão, dimensão, capacidade,
etc. de alguma coisa, especialmente na forma determinada por um padrão; o ato ou processo de mensurar;
o resultado de uma mensuração.

Mensuração
O ato ou processo de mensurar. Um número, extensão ou quantidade obtida através de medição. O ato ou
processo de mensurar alguma coisa. Também se refere a um resultado, como um número expressando a
extensão ou valor obtido através da medição.

Métrica
Uma medida quantitativa do grau segundo o qual um sistema, componente ou processo possui um dado atributo.
Um indicador calculado ou composto, baseado em duas ou mais medidas. Uma medida quantificável do grau
segundo o qual um sistema, componente ou processo possui um dado atributo.

Indicador
Um dispositivo ou variável ao qual pode ser atribuído um estado pré-definido, com base nos resultados de um
processo, ou na ocorrência de uma condição específica. Como exemplo, um "flag" ou semáforo. Uma métrica
que provê uma visão dos processos do desenvolvimento de software e das atividades de melhoria do
processo de software com respeito ao alcance dos objetivos.

Fonte:BFPUG (www.bfpug.com.br)
 COBIT - Balanced Scorecard
Balanced Scorecard é uma metodologia disponível e aceita no mercado desenvolvida
pelos professores da Harvard Business School, Robert Kaplan e David Norton, em 1992

O BSC foi apresentado inicialmente como um modelo de avaliação e performance

empresarial, porém, a aplicação em empresas proporcionou seu desenvolvimento para
uma metodologia de gestão estratégica.

Os requisitos para definição desses indicadores tratam dos processos de um modelo da

administração de serviços e busca da maximização dos resultados baseados em quatro
perspectivas que refletem a visão e estratégia empresarial:
 financeira;
 clientes;
 aprendizado e crescimento;
 processos internos.

BSC (Balanced Scorecard) é uma sigla que pode ser traduzida para Indicadores
Balanceados de Desempenho, ou ainda para Campos (1998), Cenário Balanceado. O
termo “Indicadores Balanceados” se dá ao fato da escolha dos indicadores de uma
organização não se restringirem unicamente no foco econômico-financeiro, as
organizações também se utilizam de indicadores focados em ativos intangíveis como:
desempenho de mercado junto a clientes, desempenhos dos processos internos e
pessoas, inovação e tecnologia. Isto porque, a somatória destes fatores, alavancarão o
desempenho desejado pelas organizações, conseqüentemente criando valor futuro.
COBIT - Balanced Scorecard
 COBIT - itSMF
O IT Service Management Forum (itSMF) é independente e internacionalmente reconhecido
forum IT Service Management para profissionais em todo o mundo. Esta organização é sem
fins lucrativos e está se destacando no desenvolvimento e promoção de IT Service
Management como "melhor prática", modelos e competências desde 1991. Como negócios
chegar a depender mais da tecnologia para promover e entregar os seus
produtos/comercializar , os benefícios de adaptar "melhor prática" IT Service Management e
de se tornar parte de organização tais como a Conferência de IT Service Management
tornando-se mais amplamente conhecido.

O itSMF proporciona um acesso a rede de peritos industriais, busca de informação e

eventos ajudando nos serviços de administração de TI e na formatação de métodos para
alta qualidade, consistente no serviço de TI internamente e externamente através da adoção
das "melhores práticas".

Globalmente, o itSMF tem acima de 5000 empresas cadastradas, relacionamento estreito

para transferência de conhecimento e segmentação semelhante, cobrindo com o
tranquilidade mais de 50,000 indivíduos espalhados por mais de 35 Capítulos no mundo.

Cada capítulo é uma empresa independente e é totalmente autônomo. Há uma entidade

Internacional separada que provê administração global e tem por função apoiar a existência
e o crescimento dos capítulos. inclusive possuem seu próprio website sendo www.itsm.org.

O itSMF está relacionado a promover ITIL (a Biblioteca de Infra-estrutura de TI), melhores

práticas em Administração de Serviço deTI e tem alto interesse no ISO/IEC 20000
standard).
 COBIT - ITGI
The IT Governance Institute (ITGI) was established in 1998 in recognition
of the increasing criticality of information technology to enterprise
success. In many organizations, success depends on the ability of IT to
enable achievement of business goals. In such an environment,
governance over IT is as critical a board and management discipline as
corporate governance or enterprise governance. Effective IT
governance helps ensure that IT supports business goals, maximizes
business investment in IT, and appropriately manages IT-related risks
and opportunities.

ITGI is a research think tank that exists to be the leading reference on IT-
enabled business systems governance for the global business
community. ITGI aims to benefit enterprises by assisting enterprise
leaders in their responsibility to make IT successful in supporting the
enterprise's mission and goals. By conducting original research on IT
governance and related topics, ITGI helps enterprise leaders
understand and have the tools to ensure effective governance over IT
within their enterprise.

www.itgi.org
 COBIT - Vocabulário
CEO - Chief Executive Officer: É o cargo mais alto da empresa. É chamado também de presidente, principal executivo, diretor geral, entre outros. Quando existe um presidente e
um CEO, o primeiro é mais forte.

COO - Chief Operating Officer: A tradução é executivo chefe de operações. Geralmente o braço direito dos CEO´s.

CFO - Chief Financial Officer: Um nome mais sofisticado para diretor de finanças.

CHRO - Chief Human Resources Officer: Mais conhecido como diretor de Recursos Humanos.

CIO - Chief Information Officer: Responsável pelo planejamento e estratégia por trás da tecnologia. Pode ser também chief imagination officer, termo criado pela fabricante
americana de computadores Gateway. É responsável por promover a criatividade entre o pessoal.

CTO - Chief Technology Officer: Existe uma confusão muito grande. Geralmente o CTO comanda a infra-estrutura da área de tecnologia. Enquanto o CIO o seu uso estratégico.

CKO - Chief Knowledge Officer / CLO - Chief Learning Officer: Responsável por administrar o capital intelectual. Ele precisa reunir e gerenciar todo o conhecimento da
organização.

CRO - Chief Risk Officer: Além de gerenciar o risco nas operações financeiras, o CRO também é responsável por analisar as estratégias do negócio, a concorrência e a
legislação.

CMO - Chief Marketing Officer: Diretor de marketing. No BankBoston é o profissional responsável por cuidar também dos novos negócios e Internet.

Chairman - presidente do conselho

Country manager - diretor geral para o país

Fonte: http://vocesa.abril.uol.com.br/aberto/online/012002/355_1.shl
 COBIT - Vocabulário
EFICÁCIA é atingir o objetivo proposto, cumprir, executar, operar, levar a cabo. É o que
realiza perfeitamente determinada tarefa ou função, que produz o resultado pretendido.

EFICIÊNCIA é a qualidade de fazer com excelência, sem perdas ou desperdícios (de

tempo, dinheiro ou energia), é aquilo ou aquele que chega ao resultado, que produz o seu
efeito específico mas com qualidade, com competência, com nenhum ou com o mínimo
de erros.

EFETIVIDADE é a qualidade do que atinge seu objetivo, a capacidade de funcionar

normalmente, satisfatoriamente, porém tem mais a ver com a realidade, com o que é real
e verdadeiro, está realmente disponível, é incontestável, verificável, executável.

Se o resultado de um processo atende o padrão definido, então o processo é efetivo e, se

as atividades no processo estão de acordo com o mínimo esforço e custos requeridos,
então o processo é eficiente

Fonte: Maria Tereza de Queiroz Piacentini (www.linguabrasil.com.br)

 COBIT - Bibliografia
ITSM LIBRARY, IT GOVERNANCE BASED ON COBIT 4.0, Editora: VAN HAREN PUBLISHING,
2007.
IT Governance Institute, “COBIT 4.1”, Ed 2007
IT Governance Institute, “The IT Governance Implementation Guide: Using COBIT® and Val IT”
2nd Edition
IT Governance Institute, “Board Brifing on IT Governance”- 2a. Ed. 2003
COBIT: Control Objectives for information and related technology: Framework, 3a. Ed. 2000.
COBIT: Control Objectives for information and related technology: Control Objectives, 3a.Ed.
2000.
COBIT: Control Objectives for information and related technology: ManagementGuidelines, 3a.
Ed 2000.
COBIT: Control Objectives for information and related technology: Audit Guidelines, 3a.Ed. 2000.
OFFICE OF GOVERNMENT COMMERCE , “ITIL FOR SERVICE DELIVERY”, STATIONERY
OFFICE BO, Ed 2001.
OFFICE OF GOVERNMENT COMMERCE , “ITIL FOR SERVICE SUPPORT”, STATIONERY
OFFICE BO, Ed 2001.
PESTANA, M. H.; GAGEIRO, J. N. Análise de Dados para Ciências Sociais. A
Complementaridade do SPSS. 2ª Ed. Lisboa: Edições Sílabo, 2000
LAKATOS, E.M e MARCONI, M.A. Metodologia Científica. São Paulo, Editora Atlas, 2005
MATTAR, Fauze N. Pesquisa de Marketing. São Paulo. Atlas, 1998
SELLTIZ, C.; WRIGHTSMAN, L.S.; COOK, S. W. Métodos de pesquisa nas relações sociais.
São Paulo. EPU, 1987
Site: http://pt.wikipedia.org, Pesquisa: GOVERNANÇA CORPORATIVA
Site:www.cvm.gov.br
Site: , RECOMENDAÇÕES DA CVM SOBRE GOVERNANÇA CORPORATIVA,
06/2002.
SELLTIZ, C et al. Métodos de Pesquisa nas Relações Sociais. São Paulo, 1959
 COBIT - Simulado
1. A primary advantage of adopting the COBIT Framewrok is
that it:

A. is compatible with other frameworks.

B. is based on accounting controls
C. focuses on security
D. focuses on operations

2. Which COBIT product provides the most up-to-date COBIT

information?

A. IT Governance Implementation Guide

B. COBIT Framework
C. COBIT online
D. COBIT Control Objectives
 COBIT - Simulado
3. The Information Criteria concerned with accuracy and
completeness of information is:

A. Integrity
B. Compliance
C. Reliability
D. Confifentiality

4. COBIT contributes to the use of multiple standards and

practices within organizations because it:

A. helps enhance accounting procedures

B. is positioned centrally at the general lvel
C. covers IT control and business controls
D. conbe used as systems development life cycle
 COBIT - Simulado
5. ISO 17799 provides the detailes how to do it for:

A. information security management

B. project management
C. service delivery
D. strategic planning

6. Which of the following IT Processes is concerned with the

post implementation review plan?

A. PO5 Manage the IT investment

B. PO10 Manage projects
C. PO11 Manage quality
D. AI6 Manage changes
 COBIT - Simulado
7. Which of the following is the best way to make performance
measurement successful?

A. Set targets that stretch performance in key aspects of IT

service delivery
B. Report on performance failures and successes and publish
openly
C. Establish metrics that have been defined and approved by
stakeholders
D. Insist that all staff members measure their personal
performance

8. You need to tailor COBIT for your own organization and

define how to improve processes.

A. True
B. False
 COBIT - Simulado
9. Which of the following is a characteristic of a control
framework?

A. Exception reports
B. General acceptability
C. Audit trails
D. Mandatory limts

10. Wich of the following IT Processes include a detailed control

objective for post implementation reviews?

A. PO10 Manage projects

B. DS2 Manage third-party services
C. ME1 Monitor and evaluate IT performance
D. AI6 Manage changes
 COBIT - Simulado
11. In PO10 project milestones and criteria for evaluating
success indicates which level of maturity?

A. Level 1 - Initial
B. Level 4 - Managed
C. Level 3 - Defined
D. Level 2 - Repeatable

12. Which stage of the Audit Guidelines helps determine the

appropriateness of the stated controls?

A. Evaluation
B. Identification and Documentation
C. Compliance Testing
D. Substantive Testing
 COBIT - Simulado
13. Which of the following is a benefit of strategic alignment?

A. Optimizing the use of resources

B. Producing high-quality software
C. Meeting project deadlines
D. Maintaining skilled resources

14. What does the COBIT Framework focus on?

A. A guide for the business in how to use IT services

B. A checklist for auditors
C. Adequate governance, management and control of IT
D. Required control procedures
 COBIT - Simulado
15. Which COBIT IT Resource can be defined as being
hardware, operating systems, database management
systems, networking, multimedia and environment?

A. Infrastructure
B. Systems
C. Technology
D. Software

16. Which COBIT products provides a select and summarized

version of COBIT?

A. IT Governance Implementation
B. Control Objectives
C. Management Guidelines
D. COBIT Quickstart
 COBIT - Simulado
17. Which components of COBIT will help answer the question:
How do I determine whether we are doing the right things?

A. Control Objectives
B. Framework
C. Management Guidelines
D. IT Governance Implementation Guide

18. Which of the following is the best way for an organization to

keep IT running?

A. Ensuring the the IT environment is physically secure

B. Ensuring that there is a duplicate alternate processing center
C. Protecting the IT environment against all risks that may
interrupt service availability
D. Monitoring all processing activity in a continuous basis
 COBIT - Simulado
19. COSO is an accepted framework for establishing:

A. regulatory requirements
B. IT controls
C. management processes
D. internal controls

20. Which domain of IT Governance delivers benefits at a

reasonable cost?

A. Resource management
B. Performance Measurement
C. Value delivery
D. Risk management
 COBIT - Simulado
21. The Number of significant incidents of supplier non-
compliance per time period is an example of a COBIT KPI?

A. True
B. False

22. Which of the following is a stage in the generic audit process

defined in the Audit Guidelines?

A. Measuring Performance
B. Identification and Documentation
C. Defining Approaches
D. Identifying Users
 COBIT - Simulado
23. Which COBIT domain focuses on making sure changes
cannot be made without disrupting business acitivities?

A. Deliver and Support

B. Acquire and Implement
C. Plan and Organize
D. Monitor and Evaluate

24. How do COBITs Management Guidelines help to keep the

ship on course?

A. Metrics and maturity models enable scorecards and

benchmarking to be used
B. Key activities enable important actions to be performed
C. Control objectives enable key controls to be defined
D. Control practices enable users to implement effective controls
 COBIT - Simulado
25. Which of the following can be benchmarked in COBIT
Online?

A. Use of Control Practices

B. Significance of Information Criteria
C. Relevance of IT Resources
D. Importance of a process

26. The COBIT Framework States that to satisfy business

objectives, information needs to conform to certain
information criteria, including?

A. Delivery
B. Confidentiality
C. Continuity
D. Security
 COBIT - Simulado
27. A risk management method is risk:

A. taking
B. adjustment
C. measurement
D. mitigation

28. Which of the following is a key benefit of IT Governance?

A. Greater awareness of available technical solutions

B. Better return on investment
C. Ability to be an IT leader
D. Increased IT investment
 COBIT - Simulado
29. Which of the following is the most significant challenge in the
management of IT?

A. Solving technical problems

B. Choosing the best management tools
C. Maintaining currency of the infrastructure
D. Aligning IT objectives with the business objectives

30. Which of the following is an IT resource identified in COBIT?

A. Network
B. Systems software
C. Servers
D. Applications
 COBIT - Simulado
31. Which of the following is the most important organizational
challenge facing all organizations today?

A. Developing technology solutions

B. Determining the appropriate level of control for IT
C. Buying the right computer systems
D. Using the latest technology

32. The Audit Guidelines enable the auditor to:

A. Assess maturity of processes

B. Define controls
C. Set objectives and measures
D. Assess and communicate IT risks
 COBIT - Simulado
33. To satisfy business objectives, information needs to conform
to certain criteria, which COBIT refers as:

A. Control Objectives
B. Control Practices
C. Information Criteria
D. Key Goal Indicators

34. In DS2 Measurement of the service provider is informal and

reactive indicates which level of maturity?

A. Level 1 - Initial
B. Level 4 - Managed
C. Level 2 - Repeatable
D. Level 3 - Defined
 COBIT - Simulado
35. Which of the following is a component of the COBIT
Framework?

A. IT Security Objectives
B. IT Audit Objectives
C. IT Processes
D. IT Procedures

36. Which of the following is included as a component part of the

COBIT mission?

A. Provide consulting and implementation services

B. Certify companies and products
C. Produce in ISO standard
D. Develop internationally accepted control objectives
 COBIT - Simulado
37. Which of the following is a fiduciary requirement within the
COBIT Information Criteria?

A. Reliability of information
B. Quality
C. Confidentiality
D. Cost

38. Which of the following is a component of the management

guidelines?

A. Assurance levels
B. Process descriptions
C. RACI charts
D. Information attributes
 COBIT - Simulado
39. Which level of maturity in the COBIT IT process is usually
associated with a process being monitored?

A. Level 2 - Repeatable
B. Level 3 - Defined
C. Level 1 - Initial
D. Level 4 - Managed

40. The generic model approach and method of scoring from

nonexistent to optimized ( from 0 to 5) within COBIT is
designed to help organizations understand their:

A. Controls
B. Domains
C. Capabilities
D. Metrics
 COBIT – Simulado 2
1 ) Which of the following is the most significant concern in the
management of IT?

a) Making technology work correctly

b) Keeping IT running
c) Keeping up to date with the latest solutions
d) Supporting developers with toolkits

2 ) What is an essential attribute of successful performance

management?

a) Frequently achieved targets

b) Setting achievable goals
c) Threatening sanctions if targets are not met
d) Metrics defined and approved by the stakeholders
 COBIT – Simulado 2
3 ) Which of the following is a common reason why IT projects exceed
budget expectations or deadlines?

a) Cost of IT specialists
b) Unavailability of the latest technology
c) Underestimation of the effort required
d) Lack of automation of development tools

4 ) Which one of the following is a common problem encountered

while trying to align IT and the business?

a) Use of an external IT consultant for project management

b) Communication gaps between the business and IT
c) Inadequacy of problem management practices
d) Rushing to develop too quickly
 COBIT – Simulado 2

5 ) Which of the following is a principle of IT Governance?

a) Accountability
b) Reliability
c) Availability
d) Probability

6 ) Which of one of these is a strategic objective?

a) Delivering on time and budget

b) Zero faults
c) Developing systems in house
d) Devising strategies to achieve stated goals
 COBIT – Simulado 2
7 ) Which of the following is a potential benefit of strategic alignment?

a) Cost-effective administration and management

b) Use of the latest technology
c) Being first to market
d) Delivery on time and within budget

8 ) Which of the following is an important component of risk

management?

a) Taking no risks
b) Canceling any initiative that is risky
c) Understanding the appetite for risks
d) Using old tried and testes systems
 COBIT – Simulado 2

9 ) Which of the following represents an organizational perspective of

a balanced scorecard?

a) A dashboard
b) A metric
c) A bonus scheme
d) A costumer

10 ) Which of the following is a characteristic of a control framework?

a) Strict rules
b) Penalty for noncompliance
c) Process orientation
d) Measurement system
 COBIT – Simulado 2
11 ) Which of the following is a key benefit of IT Governance?

a) Lower IT costs
b) Responsiveness of IT
c) Greater use of technology
d) Increased budget for IT projects

12 ) Which of the following is the best way to use COBIT?

a) To improve all IT process

b) As a mandatory standard
c) As a guide for the business to maximize the benefits of IT
d) To help prioritize which IT process to focus on
 COBIT – Simulado 2
13 ) How does the COBIT Framework help an organization implement
IT Governance?

a) It contains ready-made work programs

b) It provides policies and standards that can be mandated
c) It provides good practice and guidance
d) It has controls that can be implemented as they are

14 ) Which of the following is a component of the COBIT Framework?

a) Policies
b) Audit Programs
c) Implementation Guidance
d) IT Resources
 COBIT – Simulado 2
15 ) What is a Control Objective?

a) A metric to be achieved by implementing control procedures in a

particular activity
b) A level of maturity to be achieved by implementing control
procedures in a particular activity
c) A statement of the desired result on purpose to be achieved by
implementing control procedures in a particular activity
d) A critical success factor to be achieved by implementing control
procedures in a particular activity

16 ) What tool within COBIT helps the business and IT understand the
business requirements for information?

a) Information Criteria
b) Critical Success Factor
c) Control Objective
d) Maturity Model
 COBIT – Simulado 2
17 ) Which of the following is a fiduciary requirement within the COBIT
Information Criteria?

a) Security
b) Integrity
c) Availability
d) Operational effectiveness

18 ) Which of the following is a COBIT security requirement?

a) Compliance
b) Availability
c) Reliability
d) Efficiency
 COBIT – Simulado 2
19 ) Which of the following is a COBIT Information Criteria?

a) Fiduciary
b) Quality
c) Effectiveness
d) Security

20 ) What do Key Goal Indicators (KGIs) measure?

a) Maturity levels
b) Process performance
c) Degree of control
d) The achievement of an objective
 COBIT – Simulado 2
21 ) Which of the following is a COBIT IT Resource?

a) Database
b) Infrastructure
c) Operating System
d) Contractor

22 ) Which COBIT IT Resource can be defined as the automated user

systems and manual procedures that process information?

a) Applications
b) Process
c) Systems
d) Technology
 COBIT – Simulado 2
23 ) Which of the following is a key feature of resource optimization?

a) Hiring low cost manpower

b) Retaining hardware to minimize replacement costs
c) Buying only proven products
d) Optimizing costs

24 ) Maturity Models help organizations to:

a) Meet goals and objectives

b) Evaluate controls
c) Determine the capability of the current process
d) Define performance measures
 COBIT – Simulado 2
25 ) How can COBIT be used along with other international best
practices and standards, such as ITIL and ISO 17799?

a) To integrate the deployment of the required standards

b) As an implementation method
c) To validate the appropriateness of the other standard
d) As another view of the same area to support an approach

26 ) Which framework is increasingly accepted as the standard

response for generally assessing IT controls?

a) ITIL
b) COBIT
c) ISO 17799
d) CMM
 COBIT – Simulado 2
27 ) Which IT process within COBIT should ensure timely definition of
operational requirements and service levels?

a) AI1-Identify Automated Solutions

b) PO1-Define a Strategic Plan
c) DS2-Manage third-party services
d) DS1-Manage Service Level Agreement

28 ) Which part of the COBIT toolset will help the business and IT
understand how to measure results?

a) Management Guidelines
b) Framework
c) Control Objectives
d) IT Governance Implementation Guide
 COBIT – Simulado 2
29 ) Key Performance Indicators are factors that:

a) Identify key controls

b) Identify key process
c) Positively influence the process outcome
d) Focus on control practices

30 ) Which level of maturity in the COBIT processes is usually

associated with a process being "standardized, documented and
communicated“

a) Level 3 - defined
b) Level 2 - repeatable
c) Level 4 - managed
d) Level 1 - initial
 COBIT – Simulado 2
31 ) Which of the following is a stage in the COBIT Audit Guidelines
structure?

a) Planning and organization

b) Maturity modeling
c) Setting metrics
d) Evaluation

32 ) COBIT's definition of fiduciary requirements differ from that of

COSO in that COBIT expands the scope to include:

a) Security
b) All information
c) Operations
d) Systems development
 COBIT – Simulado 2
33 ) COBIT is a framework that focuses on:

a) How to do it rather than what needs to be achieved

b) What needs to be achieved rather than to do it
c) What needs to be organized rather than what needs to achieved
d) What needs to be implemented rather than how measure it

34 ) The COBIT Framework treats information as the result of the

combined application of IT Resources that are managed by:

a) Information Criteria
b) Control Objectives
c) IT Process
d) Metrics
 COBIT – Simulado 2
35 ) The COSO Framework is a framework to help organizations
establish and determine:

a) Accounting standards
b) Auditing standards
c) Investment decisions
d) The effectiveness of the internal controls

36 ) Which of the following COBIT IT Processes addresses the need

for "program and project risk assessment"?

a) PO1 - Define a strategic IT Plan

b) PO8 - Manage quality
c) PO9 - Assess and manage IT risks
d) PO10 - Manage projects
 COBIT – Simulado 2
37 ) Which COBIT resource provides benchmarking capabilities?

a) COBIT Quickstart
b) COBIT Security Baseline
c) IT Governance Implementation Guide
d) COBIT Online

38 ) The percentage of projects completed on time and on budget is a

COBIT KGI?

a) True
b) False
 COBIT – Simulado 2
39 ) Which of the following aspects of COBIT can be benchmarked in
COBIT Online?

a) Use of IT Resources
b) Use of Information Criteria
c) Use of KGIs and KPIs
d) Use of Domains

40 ) COBIT QuickStart is most useful for:

a) Senior management
b) Small and medium sized enterprises (SMEs)
c) Auditors
d) Control Specialists
 COBIT – Simulado 3
1 ) What is the likely problem encountered when trying align IT with
business?

a) The projects are too complex

b) Use of external service providers
c) The changes tend to be always urgent
d) Inadequate process implementation

2 ) To satisfy business requirements, information needs to conform to

certain criteria, with COBIT component refer as:

a) IT Process
b) IT Domains
c) Information Criteria
d) Control Objectives
 COBIT – Simulado 3
3 ) Which level of maturity in COBIT is associated with a process that
has controls in place but is not documented?

a) Level 1 - Initial
b) Level 2 - Repeatable
c) Level 3 - Defined
d) Level 4 - Management
e) Level 5 - Optimized

4 ) The COSO Framework is widely accepted for:

a) IT management
b) IT Process
c) Support Process
d) Internal Controls
 COBIT – Simulado 3
5 ) Which COBIT Product enables the users to benchmark and
compare their organization with others?

a) Community
b) COBIT Framework
c) COBIT Implementation Tool
d) COBIT Online

6 ) Which part of COBIT has resources to help assess the capability of

IT Process?

a) Control Practices
b) IT Governance Implementation Guide
c) Framework
d) Control Objectives
 COBIT – Simulado 3
7 ) What is the main objective of COBIT QuickStart?

a) Providing a generic road map for implementing IT governance

b) Providing guidance on why controls are worth implementing
c) Focusing the organization on essential steps for implementing
information security
d) Providing a baseline of control for the smaller organization

8 ) CobiT can be used by a number of audiences. What is the primary

reason given for CobiT benefiting management?

a) Assists obtain assurance on control of IT services.

b) Useful to substantiate opinions about IT internal controls.
c) Helps balance risk and control investment decisions.
d) A basis to provide advice on IT controls.
 COBIT – Simulado 3
9 ) What does a Key Goal Indicator measure?

a) Result of a control objective

b) Outcome of a business process
c) Performance of an IT process
d) A concern of management

10 ) The CobiT Framework advocates which one of the following

approaches to control implementation?

a) Process orientated
b) Resource usage
c) Baseline controls
d) Risk assessment
 COBIT – Simulado 3
11 ) In the CobiT navigation aid, the control of an IT process is
intended to satisfy which one of the following?

a) Control statements
b) Business requirements
c) Control practices
d) Performance indicators

12 ) It Governance is best summarized by which one of the following

statements?

a) organizational structures, practices, procedures and policies

designed to provide assurance
b) the purpose to be achieved by implementing control procedures
c) enabling factors of IT processes
d) a structure of relationships and processes to direct and control
 COBIT – Simulado 3
13 ) The CobiT Key Performance Indicators are intended to be which
one of the following?

a) Long term goals for IT

b) Self assessment scales
c) Appraisal criteria for staff
d) Short, focused and measurable

14 ) How are application systems and data treated within the CobiT
Framework?

a) as a Resource
b) as a Critical success factor
c) as a Business requirement
d) as an IT process
 COBIT – Simulado 3
15 ) The CobiT defined IT process of Data Management is found in
which Domain?

a) Monitoring
b) Planning and Organization
c) Acquisition and Implementation
d) Delivery and Support

16 ) Controls Practice provide guidance

a) the hierarchy of control responsibilities

b) how to use detail controls objectives
c) why controls are needed and how to implement them
d) the importance control activities and tasks
 COBIT – Simulado 3
17 ) Which of the following framework is more used for Capability
Maturity Model related to software development?

a) COSO
b) ITIL
c) CMM
d) COBIT

18 ) Which of the following IT Process help to assure that service

providers are meeting business requirements?

a) DS1 Define and Manage Service Levels

b) DS3 Manage Performance and Capacity
c) DS2 Manage Third-party Services
d) AI4 Enable Operation and Use
 COBIT – Simulado 3
19 ) Which of the following is an IT resource identified in COBIT?

a) Data Base System

b) Network
c) Information
d) Servers

20 ) Which of the following is an IT Governance Concern of a trading

partner?

a) System changes are not made without the partner approval

b) The IT systems are based on the latest technology
c) The IT operation is cost effective and efficient
d) Confidential company information is not given to competitor
 COBIT – Simulado 3
21 ) ISO 17799 provides the detailed how to do it for:

a) service quality
b) service delivery
c) project management
d) information security management

22 ) Which COBIT IT Resource can be defined as being hardware,

operation systems, database management systems, networking
and environment?

a) Software
b) Infrastructure
c) Systems
 COBIT – Simulado 3
23 ) Where in COBIT are resources found to help obtain, evaluate,
assess and substantiate?

a) Framework
b) Control Objectives
c) Management Guidelines
d) Audit Guidelines

24 ) Which of the following is a state in the generic audit process

defined in the Audit Guidelines?

a) Evaluation
b) Identifying Users
c) Defining Approaches
d) Measuring Performance
 COBIT – Simulado 3

25 ) When a process is informal and reactive what is the level of

maturity?

a) Level 1 - Initial
b) Level 2 - Repeatable
c) Level 3 - Defined
d) Level 4 - Managed

26 ) COBIT is compatible with others standards because it:

a) Covers IT controls
b) can be used as project management guide
c) is positioned centrally at the general level
d) doesn’t have any reference to others standards
 COBIT – Simulado 3
27 ) Which of the following is a security requirement within the COBIT
Information Criteria?

a) Time
b) Effectiveness
c) Integrity
d) Quality

28 ) Which COBIT product provides updated information about

COBIT?

a) COBIT Framework
b) COBIT Implementation tools
c) COBIT Online
d) COBIT Resources
 COBIT – Simulado 3
29 ) Which of the following is a characteristic of a control framework?

a) Process orientation
b) People orientation
c) Technology orientation
d) Resources orientation

30 ) Key Goal Indicators (KGIs) measure:

a) how well the business uses IT

b) The achievement of objectives
c) process performance
d) the effectiveness of users of IT services
 COBIT – Simulado 3
31 ) The Information Criteria concerned with the protection of
information from unauthorized disclosure is:

a) Compliance
b) Reliability
c) Availability
d) Confidentiality

32 ) In DS2 - Manage Third-party Services an ongoing program that

identify and institutionalize best practices indicates which level of
maturity?

a) Level 2- Repeatable
b) Level 3- Defined
c) Level 4- Managed
d) Level 5- Optimized
 COBIT – Simulado 3
33 ) Which of the following is included as a component part of the
COBIT mission?

a) Provide consulting and implementation services

b) Produce an ISO standard
c) Certify companies and products
d) Develop internationally accepted control objectives

34 ) What is the high-level objective concerned to maintain the

integrity of information and protect IT assets requires a security
management process?

a) DS5 Ensure Systems Security

b) DS12 Manage the Physical Environment
c) PO9 Assess and Manage IT Risks
d) AI7 Install and Accredit Solutions and Changes
 COBIT – Simulado 3

35 ) What is the high-level objective concerned to management of all

IT projects?

a) PO1 Define a Strategic IT Plan

b) PO4 Define the IT Processes, Organization and Relationships
c) PO5 Manage the IT Investment
d) PO10 Manage Projects

36 ) What is the high-level objective that is related to production of

documentation and manuals for users?

a) AI1 Identify Automated Solutions

b) DS7 Educate and Train Users
c) DS8 Manage Service Desk and Incidents
d) AI4 Enable Operation and Use
 COBIT – Simulado 3

37 ) Which of the following is an IT Key Goal Indicators?

a) # of formal SLA review meetings with business per year

b) % of service levels reported
c) % of service levels reported in an automated way
d) % of business stakeholders satisfied that service delivery meets
agreed-upon levels

38 ) Which of the following is a Key Performance Indicators?

a) % of projects on time, on budget

b) % of projects meeting stakeholder expectations
c) % of stakeholders participating in projects (involvement index)
d) % of projects in annual IT plan subject to feasibility study
 COBIT – Simulado 3

39 ) The COBIT Framework links:

a) managements IT expectations to managements IT

responsibilities
b) audits IT expectations to managements IT expectations
c) managements IT expectations to audits IT responsibilities
d) managements IT expectations to business management
responsibilities

40 ) COBIT Framework can be used only in large organizations

a) True
b) False
 COBIT – Simulado 4

1) Which of the following CobiT high-level Control Objectives will be

most useful when managing service providers?

a) PO4 – Define the IT organization and relationships

b) DS1 – Define and manage service levels
c) DS2 – Manage third-party services
d) DS8 – Assist and advise customers

2) What is the IT control model that is based on COSO?

a) CobiT
b) CMM
c) ITIL
d) ISO 17799
 COBIT – Simulado 4
3) Which of the following IT Processes addresses outsourcing
contracts?

a) PO4 Define the IT organization and relationships

b) PO10 Project management
c) AI3 Acquire and maintain technology infrastructure
d) DS2 Manage third-party services

4) Which component of CobiT will help answer the question: How do I

determine whether we are doing the right things?

a) Control Objectives
b) IT Governance Implementation Guide
c) Management Guidelines
d) Framework
 COBIT – Simulado 4
5) CobiT Security Baseline is a(n):

a) Specialists guide to security

b) Implementation road map for security professionals
c) Security audit program for auditors
d) Non technical security guide and reference to security-related
objectives

6) The generic maturity model approach and method of scoring form

nonexistent to optimized (from 0 to 5) within CobiT is designed to
help organizations understand their:

a) Domains
b) Metrics
c) Capabilities
d) Controls
 COBIT – Simulado 4
7) The CobiT Framework is based upon the premise that IT:

a) Controls need to be aligned to the requirements of regulators

b) Needs to deliver information that will satisfy the requirements of
auditors
c) Functions should be organized to deliver profits to the enterprise
d) Needs to deliver information that the enterprise requires to
achieve its objectives

8) Which CobiT product provides an interactive knowledge base?

a) IT Governance Implementation Guide

b) CobiT Quickstart assessment tool
c) CobiT Online
d) CobiT Security Baseline Survival Kits
 COBIT – Simulado 4
9) The Information Criteria with the provision of appropriate
information for management to operate the entity and exercise its
financial and compliance reporting responsibilities is:

a) Reliability
b) Confidentiality
c) Integrity
d) Compliance

10) Which of the following is a security requirement within the CobiT

Information Criteria?

a) Quality
b) Confidentiality
c) Effectiveness
d) Delivery
 COBIT – Simulado 4
11) Which stage of the Audit Guidelines helps determine the
appropriateness of the stated controls?

a) Identification and Documentation

b) Compliance Testing
c) Evaluation
d) Substantive Testing

12) CobiT Maturity Models provide a framework to identify:

a) Information Criteria and an ongoing basis to measure controls

b) Controls and an ongoing basis to measure Control Practices
c) Improvement targets and an ongoing basis to measure status
and progress
d) Metrics and an ongoing basis to measure goals.
 COBIT – Simulado 4
13) The CobiT Framework states that to satisfy business objectives,
information needs to conform to certain information criteria,
including:

a) Efficiency
b) Delivery
c) Continuity
d) Security

14) Which of the following is a component of the CobiT Framework?

a) Procedures
b) Security Objectives
c) Business Requirements/Information Criteria
d) Audit Objectives
 COBIT – Simulado 4
15) Which of the following is a fiduciary requirement within the CobiT
Information Criteria?

a) Quality
b) Reliability of information
c) Cost
d) Confidentiality

16) The best way for organizations to ensure adequate security of their IT
environment is by:

a) Investing in the latest access control software solutions an focusing on

protecting the network
b) Increasing the awareness of management and users of their
responsibilities and possible risks
c) Focusing on an expert group and employing skilled security experts and
advisors
d) Physically protecting vulnerable computer equipment and storing them
in locked rooms
 COBIT – Simulado 4
17) Which of the following is a stage in the generic audit process
defined in the Audit Guidelines?

a) Identifying Users
b) Measuring Performance
c) Identification and Documentation
d) Defining Approaches

18) Which of the following can be benchmarked in CobiT Online?

a) Significance of Information Criteria

b) Use of Control Practices
c) Relevance of IT Resource
d) Importance of a Control Objectives
 COBIT – Simulado 4

19) Which of the following is a characteristic of a control framework?

a) Audit trails
b) Mandatory limits
c) Business focus
d) Exception reports

20) A method for managing risks is risk:

a) Measurement
b) Mitigation
c) Adjustment
d) Taking
 COBIT – Simulado 4

21) Which level of maturity in the CobiT IT processes is usually

associated with a process being monitored?

a) Level 1- Initial
b) Level 4- Managed
c) Level 3 – Defined
d) Level 2 - Repeatable

22) Which of the following is the most important organizational

challenge facing all organizations today?

a) Using the latest technology

b) Buying the right computer systems
c) Developing technology solutions
d) Determining the appropriate level of control for IT
 COBIT – Simulado 4

23) Which of the following phrases best describe value delivery? M

a) Delivery under budget

b) Delivery of promised benefits at a reasonable cost
c) Promising the lowest price
d) Using systems out of the box to save costs

24) Which of the following represents an organizational perspective of

a balanced scorecard?

a) Control
b) Learning
c) Management
d) Governance
 COBIT – Simulado 4

25) ITIL provides the detailed how to do it for:

a) IT service management
b) Project management
c) Strategic planning
d) IT security

26) Organizations should use CobiT as:

a) A set of mandatory procedures

b) A systems development life cycle
c) A basis to meet the specific needs of the business
d) Provided without modification
 COBIT – Simulado 4

27) Which of the following is the most significant challenge in the

management of IT?

a) Maintaining currency of the infrastructure

b) Mastering complexity of the IT environment
c) Solving technical problems
d) Choosing the best management tools

28) Which of the following is a key benefit of IT Governance?

a) Ability to be an IT leader
b) Increased IT investment
c) Greater awareness of available technical solutions
d) Greater transparency over IT
 COBIT – Simulado 4
29) Maturity Models help organizations to:

a) Measure performance against objectives

b) Define procedures for specific controls
c) Meet Critical Success Factors
d) Define targets to be achieved

30) Which domain of IT Governance delivers benefits at reasonable

cost?

a) Resource management
b) Risk management
c) Value delivery
d) Performance measurement
 COBIT – Simulado 4

31) Which of the following is the best way to manage what constitutes
good service?

a) Measure maturity of service-related processes

b) Assess controls in service delivery
c) Create contractually defined service levels
d) Perform audits of service contracts

32) A primary advantage of adopting the CobiT Framework is that it:

a) Is compatible with other frameworks

b) Focuses on operations
c) Focuses on security
d) Is based on accounting controls
 COBIT – Simulado 4
33) Which of the following is an IT resource identified in CobiT?

a) Network
b) Servers
c) Applications
d) Systems software

34) Which of the following is included as a component of the CobiT

mission?

a) Produce an ISO standard

b) Certify companies and products
c) Develop internationally accepted control objectives
d) Provide consulting and implementation services
 COBIT – Simulado 4
35) KPIs measure:

a) Enabling factors
b) Control Practices
c) IT Process
d) Controls

36) CobiT contributes to the use of multiple standards and best

practices within organizations because it:

a) Can be used as a systems development life cycle

b) Helps enhance accounting procedures
c) Is positioned centrally at the general level
d) Covers IT controls and business controls
 COBIT – Simulado 4
37) Which of the following IT Processes includes a detailed control
objective for post implementation reviews?

a) DS2 Manage third-party services

b) AI6 Change management
c) M1 Monitor the process
d) PO10 Manage projects

38) Which aspect of the Audit Guidelines focuses on testing controls

to ensure they are working as prescribed?

a) Evaluation
b) Compliance Testing
c) Substantive Testing
d) Identification and Documentation
 COBIT – Simulado 4
39) Which CobiT IT Resource can be defined as being hardware,
operating systems, database management systems, networking
ad multimedia?

a) Infrastructure
b) Systems
c) Technology
d) Software

40) A primary objective of CobiT Quickstart is to:

a) Perform a quick maturity assessment

b) Perform audits quickly
c) Gain benefits quickly
d) Focus on technical areas
 COBIT – Simulado 5
1) Which of the following is an IT resource identified in CobiT ?

a) Network
b) Systems software
c) Servers
d) Infrastructure

2) Which of the following is a benefit of strategic alignment?

a) Meeting project deadlines

b) Maintaining skilled resources
c) Producing high-quality software
d) Optimizing the use of resources
 COBIT – Simulado 5

3) A primary advantage of adopting the CobiT Framework is that it:

a) Focuses on security
b) Focuses on operations
c) Is based on accounting controls
d) Is compatible with other frameworks

4) What is the IT control model that is based on COSO?

a) ISO 17799
b) CobiT
c) ITIL
d) CMM
 COBIT – Simulado 5

5) Which of the following is an IT Governance concern of a trading

partner?

a) The IT operation is cost effective and efficient

b) System changes are not made without the partners approval
c) Confidential company information is not given to competitors
d) The IT systems are based on the latest technology

6) Which the following is used to measure IT Processes for outcome?

a) RACI Charts
b) Maturity Models
c) Key Performance Indication
d) Key Goal Indicator
 COBIT – Simulado 5
7) Which of the following is the most significant challenge in the
management of IT?

a) Choosing the best management tools

b) Ensuring regulatory compliance
c) Solving technical problems
d) Maintaining currency of the infrastructure

8) Which of the following is a characteristic of a control framework?

a) Mandatory limits
b) Exception reports
c) Audit trails
d) Helps meet regulatory requirements
 COBIT – Simulado 5
9) The Audit Guidelines enable the auditor to:

a) Help process owners decide what controls to fix

b) Define controls
c) Set objectives and measures
d) Assess maturity of processes

10) Which of the following is the most likely problem caused by the
complexity of IT?

a) Adapting to rapid changes and new developments

b) Failing to select the best IT solution
c) Managing user support requests
d) Keeping projects on track and within budget
 COBIT – Simulado 5
11) In PO10 an ongoing program to identify and institutionalize best
practices indicates which level of maturity?

a) Level 2 – Repeatable
b) Level 4 – Managed
c) Level 5 - Optimized
d) Level 3 - Defined

12) Key Goal Indicators (KGIs) measure:

a) The achievement of objectives

b) How well the business uses IT
c) The effectiveness of users of IT services
d) Process performance.
 COBIT – Simulado 5
13) COSO is an accepted framework for establishing:

a) Management processes
b) Internal controls
c) Regulatory requirements
d) IT controls

14) The Percent of major suppliers meeting clearly defined

requirements and service levels is an example of a CobiT KGI?

a) True
b) False
 COBIT – Simulado 5
15) KGIs are often referred to as lag (defasado) indicators because
they only are measured:

a) As groups of goals
b) One goal at a time
c) On a continuous basis
d) After the fact

16) Which CobiT product provides the most up-to-date CobiT

information?

a) CobiT Framework
b) CobiT Control Objectives
c) CobiT Online
d) IT Governance Implementation Guide
 COBIT – Simulado 5
17) ISO 17799 provides the detailed how to do it for:

a) Information security management

b) Service delivery
c) Strategic planning
d) Project management

18) Which of the following is a component of the CobiT Framework?

a) IT Procedures
b) IT audit objectives
c) Information Criteria
d) IT security objectives
 COBIT – Simulado 5

19) Which aspect of the Audit Guidelines focuses on considering the

risk of controls not being met?

a) Evaluation
b) Compliance Testing
c) Identification and Documentation
d) Substantive Testing

20) Which CobiT domain focuses on areas such as operations,

security and continuity?

a) Monitor and Evaluate

b) Plan and Organize
c) Acquire and Implement
d) Deliver and Support
 COBIT – Simulado 5

21) Which of the following is a stage in the generic audit process

defined in the Audit Guidelines?

a) Identifying Users
b) Defining Approaches
c) Measuring Performance
d) Substantive Testing

22) Which of the following IT Processes is concerned with defining

and collecting monitoring data?

a) PO4 Define the IT organization and relationships

b) DS1 Define and manage service levels
c) ME1 Monitor and evaluate IT performance
d) DS2 Manage third-party services
 COBIT – Simulado 5
23) The CobiT Framework states that to satisfy business objectives,
information needs to conform to certain information criteria,
including?

a) Continuity
b) Security
c) Delivery
d) Compliance

24) Which CobiT IT Resource can be defined as being hardware,

operating systems, database management systems, networking,
multimedia and environment?

a) Systems
b) Technology
c) Software
d) Infrastructure
 COBIT – Simulado 5
25) In DS2 responsibilities for contract and vendor management are
assigned indicates which level of maturity?

a) Level 2 – Repeatable
b) Level 3 - Defined
c) Level 4 – Managed
d) Level 1 - Initial

26) To satisfy business objectives, information needs to conform to

certain criteria, which CobiT refers as:

a) Control Practices
b) Control Objectives
c) Information Criteria
d) Key Goal Indicators
 COBIT – Simulado 5

27) Which of the following is a component of the management

guidelines?

a) Process descriptions
b) Information attributes
c) Key goal and performance indicators
d) Assurance levels

28) The use of CobiT Quickstart is most valuable to:

a) Control specialists requiring an easy-to-apply checklist

b) Boards of directors wanting to get a quick overview of CobiT
c) Organizations wanting to focus initially on the important elements
of CobiT
d) Audit managers needing to quickly devise an IT audit approach
 COBIT – Simulado 5
29) Which of the following IT Processes addresses delivering in
agreed timeframes, budgets and quality?

a) DS2 Manage third-party services

b) PO10 Manage projects
c) DS8 Manage service desk and incidents
d) PO1 Define a strategic IT plan

30) A risk management method is risk:

a) Acceptance
b) Adjustment
c) Taking
d) measurement
 COBIT – Simulado 5
31) The relationship owners must liaise on customer and supplier
issues and ensure the quality of the relationship based on trust
and transparency is an example of a:

a) Key Activity
b) Control Practice
c) KGI
d) Control Objective

32) Which of the following is a key benefit of IT Governance?

a) Greater transparency over IT

b) Ability to be an IT leader
c) Greater awareness of technical solutions
d) Increased IT investiment
 COBIT – Simulado 5
33) Which level of maturity in the CobiT IT processes is usually
associated with best practices?

a) Level 5 - Optimized
b) Level 3 - Defined
c) Level 2 – Repeatable
d) Level 4 – Managed

34) Where within CobiT will a user find help in setting measurable
objectives?

a) Control Objectives
b) Framework
c) IT Governance Implementation Guide
d) Management Guidelines
 COBIT – Simulado 5
35) Which of the following is a security requirement within the CobiT
Information Criteria?

a) Effectiveness
b) Confidentiality
c) Quality
d) Delivery

36) Which of the following represents an organizational perspective of

a balanced scorecard?

a) Control
b) Management
c) Process
d) Governance
 COBIT – Simulado 5
37) Through which of the following CobiT Online facilities does ISACA
raise its awareness of CobiT users experiences and issues?

a) Surveys
b) Benchmarking
c) Feedback
d) Help

38) Which of the following is included as a component part of the

CobiT mission?

a) Provide consulting and implementation services

b) Produce an ISO standard
c) Develop internationally accepted control objectives
d) Certify companies and products
 COBIT – Simulado 5
39) The measure of significant incidents of supplier non-compliance
per time period is an example of a:

a) KPI
b) KGI
c) CSF
d) CMM

40) What does the CobiT Framework focus on?

a) Adequate governance, management and control of IT

b) Required control procedures
c) A guide for the business in how to use IT services
d) A checklist for auditors