Got a question? Call 0800 835 835   |   
Contact usCheckoutContact us
Cyber Security Category Banner Image

CGEIT Certification

The Information Systems Audit and Control Association (ISACA) is an international professional association that offers policy guidance, benchmarks, and governance tools for organisations that use information technology (IT) systems.

Overview

The Certified in the Governance of Enterprise IT (CGEIT®) certification is framework agnostic and the only IT governance certification for the individual. Whether you’re seeking a new career opportunity or striving to grow within your current organisation, CGEIT proves your expertise in enterprise IT governance, resources, benefits and risk optimisation.

The CGEIT exam is four hours in duration, contains 150 multiple-choice questions, and covers four areas called domains. Each domain is further defined and detailed through Task and Knowledge statements. Read on below for the domains and their weightings.

A copy of ISACA’s Exam Candidate Guide can be downloaded here.

As well as passing the CGEIT exam, there are additional criteria for certification. For example, a candidate must submit evidence of at least five years of experience in an advisory or oversight role supporting the governance of the IT-related contribution to an enterprise. If a candidate does not have the required experience, this may still be gained within five years after originally passing the CGEIT exam. Please see the full additional criteria detailed on ISACA’s website.

Request Certification Information

Prepare for the Certified in the Governance of Enterprise IT (CGEIT) exam with training from Lumify Work, an Accredited Partner of ISACA.

Courses

Certified in the Governance of Enterprise IT (CGEIT®)
NZD 2675 exc GST

Exam Content and Weightings

Following are the key domains and topics on which CGEIT candidates will be tested, with weightings.

Domain 1: Governance Of Enterprise IT – (40%)

This domain deals with the organisational structure of building IT frameworks, the strategy and technology aspects of IT governance and essential knowledge about governing various types of information.

A. Governance Framework

  1. Components of a Governance Framework

  2. Organisational Structures, Roles and Responsibilities

  3. Strategy Development

  4. Legal and Regulatory Compliance

  5. Organisational Culture

  6. Business Ethics

B. Technology Governance

  1. Governance Strategy Alignment with Enterprise Objectives

  2. Strategic Planning Process

  3. Stakeholder Analysis and Engagement

  4. Communication and Awareness Strategy

  5. Enterprise Architecture

  6. Policies and Standards

C. Information Governance

  1. Information Architecture

  2. Information Asset Lifecycle

  3. Information Ownership and Stewardship

  4. Information Classification and Handling

Domain 2: IT Resources – (15%)

This domain provides insight about where to effectively allocate your IT resources and how to ensure IT resources are streamlined for performance.

A. IT Resource Planning

  1. Sourcing Strategies

  2. Resource Capacity Planning

  3. Acquisition of Resources

B. IT Resource Optimisation

  1. IT Resource Lifecycle and Asset Management

  2. Human Resource Competency Assessment and Development

  3. Management of Contracted Services and Relationships

Domain 3: Benefits Realisation – (26%)

This domain’s focus is on managing performance, monitoring and reporting, and analysing IT-enabled technology investment management.

A. IT Performance and Oversight

  1. Performance Management

  2. Change Management

  3. Governance Monitoring

  4. Governance Reporting

  5. Quality Assurance

  6. Process Development and Improvement

B. Management of IT-Enabled Investments

  1. Business Case Development and Evaluation

  2. IT Investment Management and Reporting

  3. Performance Metrics

  4. Benefit Evaluation Methods

Domain 4: Risk Optimisation – (19%)

This domain is about mitigating potential IT risks and challenges and overseeing the risks of IT management capabilities.

A. Risk Strategy

  1. Risk Frameworks and Standards

  2. Enterprise Risk Management

  3. Risk Appetite and Risk Tolerance

B. Risk Management

  1. IT-Enabled Capabilities, Processes and Services

  2. Business Risk, Exposures and Threats

  3. Risk Management Lifecycle

  4. Risk Assessment Methods

Supporting Tasks

  1. Establish the objectives for the framework for the governance of enterprise IT.

  2. Establish a framework for the governance of enterprise IT.

  3. Identify the internal and external requirements for the framework for the governance of enterprise IT.

  4. Incorporate a strategic planning process into the framework for the governance of enterprise IT.

  5. Ensure that a business case development and benefits realisation process for IT-enabled investments has been established.

  6. Incorporate enterprise architecture into the framework for the governance of enterprise IT.

  7. Incorporate information architecture into the framework for the governance of enterprise IT.

  8. Align the framework for the governance of enterprise IT with enterprise-wide shared services.

  9. Incorporate comprehensive and repeatable processes and activities into the framework for the governance of enterprise IT.

  10. Establish roles, responsibilities, and accountabilities for information assets and IT processes.

  11. Evaluate the framework for the governance of enterprise IT and identify improvement opportunities.

  12. Establish a process for the identification and remediation of issues related to the framework for the governance of enterprise IT.

  13. Establish policies and standards that support IT and enterprise strategic alignment.

  14. Establish policies and standards that inform decision-making with regard to IT-enabled business investments.

  15. Establish communication and awareness processes to convey the value of the governance of enterprise IT.

  16. Evaluate, direct, and monitor IT strategic planning processes to ensure alignment with enterprise goals.

  17. Evaluate, direct, and monitor stakeholder engagement.

  18. Document and communicate the IT strategic planning processes and related outputs.

  19. Ensure that enterprise architecture is integrated into the IT strategic planning process.

  20. Ensure that information architecture is integrated into the IT strategic planning process.

  21. Incorporate a prioritisation process for IT initiatives into the framework for the governance of enterprise IT.

  22. Ensure that processes are in place to manage the lifecycle of IT resources and capabilities.

  23. Ensure that processes are in place to govern the lifecycle of information assets.

  24. Incorporate sourcing strategies into the framework for the governance of enterprise IT to ensure optimisation and control.

  25. Ensure the alignment of IT resource management processes with the enterprise’s resource management processes.

  26. Ensure the alignment of information governance with the framework for the governance of enterprise IT.

  27. Ensure that processes are in place for the assessment and development of personnel to align with business needs.

  28. Ensure that IT-enabled investments are managed through their economic lifecycle.

  29. Evaluate the process that assigns ownership and accountability for IT-enabled investments.

  30. Ensure that IT investment management practices align with enterprise investment management practices.

  31. Evaluate the benefits realisation of IT-enabled investments, IT processes and IT services.

  32. Establish a performance management program for IT-enabled investments, IT processes and IT services.

  33. Ensure that improvement initiatives are based on the results derived from performance measures.

  34. Ensure that comprehensive IT and information risk management programs are established.

  35. Ensure that a process is in place to monitor and report on the adherence to IT and information risk management policies and standards.

  36. Ensure the alignment of IT processes with the enterprise's legal and regulatory compliance objectives.

  37. Ensure the alignment of IT and information risk management with the enterprise risk management framework.

  38. Ensure that IT and information risk management policies and standards are developed and communicated.

Request Certification Information