What is CGEIT? A certification for seasoned IT governance professionals

The Certified in Governance of Enterprise IT (CGEIT) certification is a vendor-neutral certification offered through the ISACA. It’s designed for IT professionals in large organizations who are responsible for directing, managing and supporting the governance of IT.

The exam consists of 150 multiple-choice questions and you’ll have four hours to complete the in-person exam. Testing locations can be found through PSI Online and, depending on your location, you’ll likely be able to choose between a testing center or a kiosk. At a testing center, you’ll take a live proctored exam with other exam-takers, but at a kiosk location, you’ll take the exam alone at a small work station in a “managed, yet self-service way.” The ISACA offers more information on each testing experience to help you choose the best option for you.

Exams are offered during three specific testing windows during the year — the first testing window in 2019 will run from February 1 to May 24. The two other testing windows for 2019 haven’t been announced yet, but they typically run for three-month periods.

What’s on the CGEIT exam?

The ISACA organizes the exam by five main CGEIT domains, which includes:

• Domain 1: Framework for the governance of enterprise IT (25% of the exam)
• Domain 2: Strategic management (20% of the exam)
• Domain 3: Benefits realization (16% of the exam)
• Domain 4: Risk optimization (24% of the exam)
• Domain 5: Resource optimization (15% of the exam)

Domain 1 includes establishing a framework for governance of enterprise IT that helps the organization realize its goals and objectives, while considering risk and optimization. It also covers all the basic requirements, policies, principles, processes, organizational structures, infrastructure, skills and competencies necessary to build, oversee, and manage a framework IT governance.

Domain 2 focuses on aligning IT with enterprise objectives creating a strategic plan that helps the organization understand how changes to business strategy will impact IT strategy. This domain covers knowledge of IT roles and responsibilities, prioritization processes, documentation and communication methods, potential barriers for strategic alignment and current and future technologies.

Domain 3 covers benefits realization, which is the process of managing, tracking and reporting on the performance of IT investments to ensure they deliver optimized business benefits. This domain includes knowledge of KPIs, benefit calculation techniques, how to measure and monitor outcome and performance, and knowledge of continuous improvement concepts and principles.

Domain 4 encompasses risk optimization, which is the process of ensuring IT risk management frameworks help identify, analyze, mitigate, manage, monitor and communicate IT-related business risk and that they’re aligned with the enterprise risk management (ERM) framework. Risk optimization also includes an understanding of appropriate legal and compliance regulations and the ability to communicate risk to senior-level executives. You’ll need knowledge of disaster recovery planning (DRP), business continuity planning (BCP), standard risk management frameworks, key risk indicators (KRIs) and the skills to report on analytical data.

Domain 5 covers the optimization of IT resources, including information, services, infrastructure and applications, and people. This domain includes everything you need to know to ensure the correct processes are in place to reach enterprise goals. You’ll need knowledge of IT resource management, service level agreements (SLAs), operation level agreements (OLAs) and data management and data governance.  

For a more in-depth look at the tasks and knowledge areas for each domain, you can visit the ISACA website.

CGEIT qualifications

To qualify for the exam, you’ll need at least five years of relevant work experience with one year working in Domain 1 (managing frameworks) and the other four years spent working in at least two out of the five other domains. You won’t have to take a course to pass the CGEIT; instead your work experience and background serve as your CGEIT education. This certification is designed for professionals who have “significant management, advisory, or assurance role relating to the governance of IT and the knowledge required to perform these tasks,” according to the ISACA.

How to prepare for the exam

The best way to prepare for your CGEIT exam is through your professional experience with IT governance. However, if you want to brush up on certain domains before the exam, you can download resources from the ISACA to self-study. You can also join the ISACA’s CGEIT exam study community, where you’ll be able to connect with other professionals preparing for the same exam.

If you want to attend a course or training program to prepare you for the CGEIT exam, there are several options, including:

• Infosec Institute CGEIT training bootcamp
• Learning Tree International CGEIT training
• Firebrand Training CGEIT course
• Keonig Solutions CGEIT training and certification course
• NICCS CGEIT official ISACA certification training
• CED Solutions CGEIT training course

Exam fee

The cost of the CGEIT exam is $575 for ISACA members and $760 for non-members.

Maintaining your certification

You’ll need to maintain a certain number of continuing professional education (CPE) hours over an annual and three-year certification period. You will need to earn a minimum of 20 CPE hours annually, pay an annual CPE maintenance fee of $45 for members or $85 for non-members, earn at least 120 CPE hours over a three-year reporting period, submit required documentation if selected for auditing and comply with the ISACA Code of Professional Ethics.

More on IT governance:

• 7 IT governance mistakes — and how to avoid them
• The keys to effective IT governance in the digital era
• Rethinking IT governance for agility and innovation
• 7 IT governance myths