What is CGEIT®?

CGEIT® (short for Certified in the Governance of Enterprise IT) recognizes a wide range of professionals for their knowledge and application of enterprise IT governance principles and practices.

As a CGEIT® certified professional, you demonstrate that you are capable of bringing IT governance into an organization and improving its effectiveness, that you grasp the complex subject holistically and that you therefore enhance value to the enterprise. Some of the focus areas include:

  • Frameworks for the governance of enterprise IT.
  • Strategic management.
  • Benefits realization.
  • Risk optimization.
  • Resource optimization.

Who is CGEIT® for?

The CGEIT® certification is designed for professionals who have significant management, advisory or assurance responsibilities relating to the governance of enterprise IT. These might include the:

  • Chief Executive Officer (CEO)/President
  • Chief Information Officer (CIO)
  • Chief Technology Officer (CTO)
  • Chief Audit Executive (CAE)/Partner/Principal
  • Chief Information Risk Strategist
  • Chief Information Security Officer (CISO)
  • Chief Security Officer (CSO)
  • IT Governance Director/Manager
  • IS/IT Director/Manager
  • IS/IT Consultant
  • IS/IT Audit Director/Manager
  • IS/IT Security Director/Manager
  • IS/IT Compliance Director/Manager
  • Project Manager
  • Business Manager
  • General Manager

When an enterprise employs a CGEIT®, it ensures good governance. This provides an environment of few “surprises” and the ability to respond with agility to any that do arise.

CGEIT® is considered by many companies and governmental agencies to be a prerequisite for employees involved with enterprise IT governance.

The CGEIT designation meets the needs of:

  • Individuals by recognizing and elevating the expertise, skill sets, abilities and experiences of those performing IT governance work
  • Enterprises by identifying those who have made a tangible commitment to excellence in IT governance practices
  • The profession by supporting the increasing global trends toward IT governance activities
  • Business by improving the awareness of IT governance good practices and issues

The certification process has been specifically developed for professionals who have a significant management, advisory, or assurance role relating to the governance of IT. The certification promotes the advancement of professionals who wish to be recognized for their IT governance-related experience and knowledge.

CGEIT Practice Areas (Domains)

The CGEIT exam measures an individual’s ability and knowledge as it pertains to the performance of his/her job. The content of the exam is modified to reflect changes in technology and practices.

The updated job practice contains the following practice areas (domains) and percentages:

Domain 1: Framework for the Governance of Enterprise IT (25%)
Domain 2: Strategic Management (20%)
Domain 3: Benefits Realization (16%)
Domain 4: Risk Optimization (24%)
Domain 5: Resource Optimization (15%)

Course Outline / Course Agenda

Day 1 – Session 1 – Introduction and objective setting…

Pre-course briefing
Objective setting
Exam pattern
CGEIT certification process

Day 1 – Session 2 – Understanding the context and relevant frameworks and standards

- ISO 20000
- ISO 38500
- BCG Matrix
- EA
- Balanced scorecard
- Val IT
- Maturity models
- Benchmarking
- ISO 31000
- BCP and DRP

Day 2 – Session 1 – Domain 1: Framework for the Governance of Enterprise IT

K1.1 Knowledge of components of a framework for the governance of enterprise IT
K1.2 Knowledge of IT governance industry practices, standards and frameworks
K1.3 Knowledge of business drivers related to IT governance
K1.4 Knowledge of IT governance enablers
K1.5 Knowledge of techniques used to identify IT strategy
K1.6 Knowledge of components, principles, and concepts related to enterprise architecture (EA)
K1.7 Knowledge of organizational structures and their roles and responsibilities
K1.8 Knowledge of methods to manage organizational, process and cultural change
K1.9 Knowledge of models and methods to establish accountability for information requirements, data and system ownership; and IT processes
K1.10 Knowledge of IT governance monitoring processes/mechanisms
K1.11 Knowledge of IT governance reporting processes/mechanisms
K1.12 Knowledge of communication and promotion techniques
K1.13 Knowledge of assurance methodologies and techniques
K1.14 Knowledge of continuous improvement techniques and processes

Day 2 – Session 2 – Domain 2: Strategic Management

K2.1 Knowledge of an enterprise’s strategic plan and how it relates to IT
K2.2 Knowledge of strategic planning processes and techniques
K2.3 Knowledge of impact of changes in business strategy on IT strategy
K2.4 Knowledge of barriers to the achievement of strategic alignment
K2.5 Knowledge of policies and procedures necessary to support IT and business strategic alignment
K2.6 Knowledge of methods to document and communicate IT strategic planning processes
K2.7 Knowledge of components, principles and frameworks of enterprise architecture (EA)
K2.8 Knowledge of current and future technologies
K2.9 Knowledge of prioritization processes related to IT initiatives
K2.10 Knowledge of scope, objectives and benefits of IT investment programs
K2.11 Knowledge of IT roles and responsibilities and methods to cascade business and IT objectives to IT personnel

Day 3 – Session 1 – Domain 3: Benefits Realization

K3.1 Knowledge of IT investment management processes, including the economic life cycle of investments
K3.2 Knowledge of basic principles of portfolio management
K3.3 Knowledge of benefit calculation techniques
K3.4 Knowledge of process and service measurement techniques
K3.5 Knowledge of processes and practices for planning, development, transition, delivery, and support of IT solutions and services
K3.6 Knowledge of continuous improvement concepts and principles
K3.7 Knowledge of outcome and performance measurement techniques
K3.8 Knowledge of procedures to manage and report the status of IT investments
K3.9 Knowledge of cost optimization strategies
K3.10 Knowledge of models and methods to establish accountability over IT investments
K3.11 Knowledge of value delivery frameworks
K3.12 Knowledge of business case development and evaluation techniques

Day 3 – Session 2 – Domain 4: Risk Optimization

K4.1 Knowledge of the application of risk management at the strategic, portfolio, program, project and operations levels
K4.2 Knowledge of risk management frameworks and standards Commission Enterprise Risk Management
K4.3 Knowledge of the relationship of the risk management approach to legal and regulatory compliance
K4.4 Knowledge of methods to align IT and enterprise risk management (ERM)
K4.5 Knowledge of the relationship of the risk management approach to business resiliency
K4.6 Knowledge of risk, threats, vulnerabilities and opportunities inherent in the use of IT
K4.7 Knowledge of types of business risk, exposures and threats
K4.8 Knowledge of risk appetite and risk tolerance
K4.9 Knowledge of quantitative and qualitative risk assessment methods
K4.10 Knowledge of risk mitigation strategies related to IT in the enterprise
K4.11 Knowledge of methods to monitor effectiveness of mitigation strategies and/or controls
K4.12 Knowledge of stakeholder analysis and communication techniques
K4.13 Knowledge of methods to establish key risk indicators (KRIs)
K4.14 Knowledge of methods to manage and report the status of identified risk

Day 4 – Session 1 – Domain 5: Resource Optimization

K5.1 Knowledge of IT resource planning methods
K5.2 Knowledge of human resource procurement, assessment, training, and development methodologies
K5.3 Knowledge of processes for acquiring application, information, and infrastructure resources
K5.4 Knowledge of outsourcing and offshoring approaches that may be employed to meet the investment program and operation level agreements (OLAs) and service level agreements (SLAs)
K5.5 Knowledge of methods used to record and monitor IT resource utilization and availability
K5.6 Knowledge of methods used to evaluate and report on IT resource performance
K5.7 Knowledge of interoperability, standardization and economies of scale
K5.8 Knowledge of data management and data governance concepts
K5.9 Knowledge of service level management concepts

Day 4 – Session 2 – Exam preparations

Sample paper & Discussions

CGEIT Exam format
Exam Format of CGEIT – Certified In The Governance Of Enterprise IT

Conducted by ISACA twice every year, in June and December, on a pre-published date.
Conducted at an ISACA center.