What is covered on the CGEIT exam?

The Certified in the Governance of Enterprise IT® (CGEIT®) exam consists of 150 questions covering 4 job practice domains, all testing your knowledge and ability on real-life job practices leveraged by expert professionals.

Below are the key domains, subtopics and tasks candidates will be tested on:

ISACA’s commitment

Since its inception in 2007, more than 8,000 people have obtained ISACA’s CGEIT certification to bring the knowledge and experience needed to align IT with business strategies and goals, manage IT investments to maximize return on investment, and strive for excellence in IT operations and governance while minimizing risk. The domains, subtopics and tasks are the results of extensive research, feedback and validation from subject matter experts and prominent industry leaders from around the globe.

Job practice areas tested for and validated by a CGEIT certification

40% DOMAIN 1 – GOVERNANCE OF ENTERPRISE IT

This domain deals with the organizational structure of building IT frameworks, the strategy and technology aspects of IT governance and essential knowledge about governing various types of information.

A–GOVERNANCE FRAMEWORK

  1. Components of a Governance Framework
  2. Organizational Structures, Roles and Responsibilities
  3. Strategy Development
  4. Legal and Regulatory Compliance
  5. Organizational Culture
  6. Business Ethics

B–TECHNOLOGY GOVERNANCE

  1. Governance Strategy Alignment with Enterprise Objectives
  2. Strategic Planning Process
  3. Stakeholder Analysis and Engagement
  4. Communication and Awareness Strategy
  5. Enterprise Architecture
  6. Policies and Standards

C–INFORMATION GOVERNANCE

  1. Information Architecture
  2. Information Asset Lifecycle
  3. Information Ownership and Stewardship
  4. Information Classification and Handling

15% DOMAIN 2 – IT RESOURCES

This domain provides insight about where to effectively allocate your IT resources and how to ensure IT resources are streamlined for performance.

A–IT RESOURCE PLANNING

  1. Sourcing Strategies
  2. Resource Capacity Planning
  3. Acquisition of Resources

B–IT RESOURCE OPTIMIZATION

  1. IT Resource Lifecycle and Asset Management
  2. Human Resource Competency Assessment and Development
  3. Management of Contracted Services and Relationships

26% DOMAIN 3 – BENEFITS REALIZATION

This domain’s focus is on managing performance, monitoring and reporting, and analyzing IT-enabled technology investment management.

A–IT PERFORMANCE AND OVERSIGHT

  1. Performance Management
  2. Change Management
  3. Governance Monitoring
  4. Governance Reporting
  5. Quality Assurance
  6. Process Development and Improvement

B–MANAGEMENT OF IT-ENABLED INVESTMENTS

  1. Business Case Development and Evaluation
  2. IT Investment Management and Reporting
  3. Performance Metrics
  4. Benefit Evaluation Methods

19% DOMAIN 4 – RISK OPTIMIZATION

This domain is about mitigating potential IT risks and challenges and overseeing the risks of IT management capabilities.

A–RISK STRATEGY

  1. Risk Frameworks and Standards
  2. Enterprise Risk Management
  3. Risk Appetite and Risk Tolerance

B–RISK MANAGEMENT

  1. IT-Enabled Capabilities, Processes and Services
  2. Business Risk, Exposures and Threats
  3. Risk Management Lifecycle
  4. Risk Assessment Methods

SUPPORTING TASKS

  1. Establish the objectives for the framework for the governance of enterprise IT.
  2. Establish a framework for the governance of enterprise IT.
  3. Identify the internal and external requirements for the framework for the governance of enterprise IT.
  4. Incorporate a strategic planning process into the framework for the governance of enterprise IT.
  5. Ensure that a business case development and benefits realization process for IT-enabled investments has been established.
  6. Incorporate enterprise architecture into the framework for the governance of enterprise IT.
  7. Incorporate information architecture into the framework for the governance of enterprise IT.
  8. Align the framework for the governance of enterprise IT with enterprise-wide shared services.
  9. Incorporate comprehensive and repeatable processes and activities into the framework for the governance of enterprise IT.
  10. Establish roles, responsibilities, and accountabilities for information assets and IT processes.
  11. Evaluate the framework for the governance of enterprise IT and identify improvement opportunities.
  12. Establish a process for the identification and remediation of issues related to the framework for the governance of enterprise IT.
  13. Establish policies and standards that support IT and enterprise strategic alignment.
  14. Establish policies and standards that inform decision-making with regard to IT-enabled business investments.
  15. Establish communication and awareness processes to convey the value of the governance of enterprise IT.
  16. Evaluate, direct, and monitor IT strategic planning processes to ensure alignment with enterprise goals.
  17. Evaluate, direct, and monitor stakeholder engagement.
  18. Document and communicate the IT strategic planning processes and related outputs.
  19. Ensure that enterprise architecture is integrated into the IT strategic planning process.
  20. Ensure that information architecture is integrated into the IT strategic planning process.
  21. Incorporate a prioritization process for IT initiatives into the framework for the governance of enterprise IT.
  22. Ensure that processes are in place to manage the lifecycle of IT resources and capabilities.
  23. Ensure that processes are in place to govern the lifecycle of information assets.
  24. Incorporate sourcing strategies into the framework for the governance of enterprise IT to ensure optimization and control.
  25. Ensure the alignment of IT resource management processes with the enterprise’s resource management processes.
  26. Ensure the alignment of information governance with the framework for the governance of enterprise IT.
  27. Ensure that processes are in place for the assessment and development of personnel to align with business needs.
  28. Ensure that IT-enabled investments are managed through their economic lifecycle.
  29. Evaluate the process that assigns ownership and accountability for IT-enabled investments.
  30. Ensure that IT investment management practices align with enterprise investment management practices.
  31. Evaluate the benefits realization of IT-enabled investments, IT processes and IT services.
  32. Establish a performance management program for IT-enabled investments, IT processes and IT services.
  33. Ensure that improvement initiatives are based on the results derived from performance measures.
  34. Ensure that comprehensive IT and information risk management programs are established.
  35. Ensure that a process is in place to monitor and report on the adherence to IT and information risk management policies and standards.
  36. Ensure the alignment of IT processes with the enterprise's legal and regulatory compliance objectives.
  37. Ensure the alignment of IT and information risk management with the enterprise risk management framework.
  38. Ensure that IT and information risk management policies and standards are developed and communicated.

Getting ready for the exam

ISACA offers a variety of exam preparation resources including group training, self-paced training and study resources in various languages to help you prepare for your certification exam. Choose what works for your schedule and your studying needs.

Download exam terminology list

While studying for your CGEIT exam, explore our lists of terms that will appear on the test. See the terms in English alongside how they will appear in the other languages offered.

Chinese Simplified