The importance of IT governance for a company is impossible to ignore. Its goal is to ensure that the IT infrastructure matches and supports the business goals of an organization effectively. From optimizing resources to developing strategies and prioritizing initiatives, a governance professional strives to deliver plans and policies that ensure the use of IT meets business objectives, both strategic and operational, while adhering to compliance, regulatory and security constraints.

For IT governance to work, it is essential for the organization to find a leader who can help ensure that operations conform to specific industry standards and practices. IT governance often falls under the umbrella of senior personnel like chief information officers (CIOs) or chief technology officers (CTOs) and their teams, so experience is an important factor; those who follow such a career path can also benefit from a dedicated certification that can further prove their competency in the role. “As a CGEIT certified professional, you demonstrate that you are capable of bringing IT governance into an organization—that you grasp the complex subject holistically, and therefore, enhance value to the enterprise,” says ISACA, an independent association founded in 1967 to serve as a centralized source of information and guidance in the field of auditing controls for computer systems.

What is the CGEIT Certification?

Introduced in 2007 and effective since December 2008, ISACA’s CGEIT credential tests an individual’s knowledge and application of enterprise IT governance principles and practices. This cert addresses key knowledge areas related to the Governance of Enterprise IT responsibilities of the board or senior management. Accordingly, there are five domains on which test takers will be examined:

  • Domain 1 – Framework for the Governance of Enterprise IT (25% of exam).
    Understanding the components of the Enterprise Governance framework associated with best practices (COBIT, ITIL, ISO, etc.). Ensuring it aligns with business objectives while taking into consideration resources and risk management and optimization as well as internal and external requirements (such as compliance with industry regulations). This domain also covers the assignment of roles and a number of techniques related to communications, assessment, IT strategy identification, improvement and reporting.
  • Domain 2 – Strategic Management (20% of exam).
    Formulating IT strategic planning, management practices and processes as linked to the organization’s objectives. Ensuring IT strategic plans align with enterprise strategic plans. Knowledge covered includes prioritizing IT initiatives, the impact that changes in business strategy have on IT strategy, and methods to document and communicate IT strategic planning processes (scorecards, key indicators…).
  • Domain 3 – Benefits Realization (16% of exam).
    Knowing how IT governance helps the business realize optimized business benefits through the effective management of IT-enabled investments. This domain covers topics like IT investment management processes, the economic life cycle of investments, procedures to report the status of IT investments, business case development and evaluation techniques, and processes and practices for planning, development, transition, delivery, and support of IT solutions and services.
  • Domain 4 – Risk Optimization (24% of exam).
    Recognizing that an applicable framework can demonstrate good governance and help identify, analyze, mitigate, manage, monitor, and communicate IT-related business risk. The domain covers knowledge about establishing key risk indicators (KRIs), business continuity planning (BCP) and disaster recovery planning (DRP) as related to risk management, as well as risk appetite, tolerance and mitigation.
  • Domain 5 – Resource Optimization (15% of exam).
    Covering optimization of IT resources including information, services, infrastructure and applications, and people to meet business demands. It covers data management and data governance concepts, IT resource planning methods, evaluating and reporting on IT resource performance, HR procurement and development, monitoring IT resource utilization and availability, and service level management concepts.

These CGEIT job practice domains serve as the basis for the exam and outline the knowledge required to earn the certification. The CGEIT domains have not changed since 2013 but still effectively cover the basic guidelines that a professional needs to follow when assuming a role in IT governance. The job practice areas were identified and developed with the help of subject-matter experts around the world who were able to identify the main issues and staples of their everyday tasks as well as the knowledge required to excel in the field.

The test comprises 150 experience-based multiple-choice questions, and professionals have 4 hours to complete it. The passing score is 450 on a point scale that goes from 200 to 800. Effective 2017, the CGEIT exam has been offered via a computer-based testing (CBT) session for the price of $575 (member) / $760 (non-member), only at approved testing centers found globally, during three testing windows of four-month durations. This year, the windows are 1 February-24 May 2018; 1 June-23 September 2018; and 1 October 2018-24 January 2019. Check for a listing of the exam sites. Registered candidates (go to for the CGEIT exam are eligible to schedule their testing appointments and can do so by logging in to their profile (myISACA) at

Who Should Earn the CGEIT?

A Cert that Targets Enterprise Leadership

The CGEIT designation, a globally accepted cert that recognizes professionals who have governance-related experience and knowledge, is normally sought after by senior personnel. ISACA developed the CGEIT designation for professionals serving in management, advisory or assurance roles who can show an adequate level of current knowledge and proficiency in the field.

Target audience:

  • IT directors
  • Audit directors
  • CIOs
  • CISOs
  • CEOs
  • Compliance and information security professionals
  • IT assurance professionals
  • Senior IT managers
  • Organizational strategic managers
  • Manager-Governance, Risk and Compliance

CGEIT is one of the top governance, risk and compliance (GRC) certifications and can give IT governance professionals an edge in their future career endeavors, progression or advancement. The cert can increase holders’ market value by providing proof of competence and expertise in the sector, thereby offering a way to distinguish themselves from peers and allowing them to be part of a network of like-minded industry experts.

Employers seek out certified professionals to have some guarantee the candidate has experience and skills to advance in the IT governance of their company, and that they have updated knowledge and the will for continuous education.

Is Certification Worth the Effort?

Passing the test is not enough. Becoming CGEIT certified requires a combination of practice and familiarity with the areas covered by the exam. Candidates who pass the test are certified only after demonstrating five or more years of experience managing and supporting IT governance or serving in an advisory or oversight role. A minimum of one year has to be related to establishing and managing a Framework for the Governance of IT. These are firm requirements and no waivers are allowed.

Once certification is acquired, it is still not over. CGEIT holders are required to keep up to date by attaining and reporting to ISACA a minimum of twenty CPE hours a year and, in any case, 120 over the course of three years. The Continuing Professional Education (CPE) Requirements for CGEIT, of course, need to be acquired in IT governance-related tasks. In addition, credential holders need to pay a maintenance fee, cooperate during possible annual audits and, obviously, comply with ISACA’s Code of Professional Ethics. If not in compliance, their qualification is revoked and, to regain it, the professional will be required to take and pass the CGEIT exam again as well as submit a new application for the CGEIT certification and make the payment.

According to ISACA, more than 7,000 professionals have earned the CGEIT credential to date. In addition, the association reports that based on the 2017 IT Skills and Salary Report conducted by Global Knowledge, the average salary of professionals with a CGEIT credential is US$120,956, thus making it one of the most remunerative certifications in IT. Therefore, all the hard work will definitely be worth it. What’s more, the CGEIT is well-respected by most organizations, and it has become increasingly important for executives within an organization to be certified in order to advance in their careers and reach positions like CIO and CSO.

What is the Best Way to Train for the CGEIT?

Part of the official ISACA study materials are textbooks such as the CGEIT Review Manual, 7th Edition and the CGEIT Review Questions, Answers and Explanations Manual, 4th Edition, which are up-to-date study resources for the current CGEIT exam. Both can help individuals prepare for certification.

ISACA’s CGEIT Exam Review Course, instead, is a class offered periodically via a live broadcast webinar. According to ISACA, the class “provides the learner with the opportunity to study with an experienced, accredited professional and deepen knowledge in the field of the governance of enterprise IT.” The courses include instructor-led breakdowns of the exam’s five domains and a mock exam. Lessons vary in length from several weeks to several days of intensive training but offer flexibility to fit your needs and schedule. Professionals can also earn 19 CPE credits by attending the webinar. The price is $770 for ISACA members and $990 for non-members.

Registration for the latest session has now closed for the Spring 2018 exam, so professionals might want to look for other opportunities and courses. CGEIT exam preparation training courses are also available through InfoSec Institute, which offers the CGEIT Boot Camp, a four-day seminar on the CGEIT examination process and readiness for the test through sample questions. The program features high test passing rates, with 92% of the classroom students and 94.7% of the live online students passing the exam.

In addition, a number of conferences can also help professionals increase their knowledge in the field. The 2018 IT Governance Summit, for example, which has now passed, just like the Essentials Seminar, covered the basics, including fundamentals of corporate governance, and offered professional development while also providing additional educational options, says Jerry Irvine, CIO of Chicago-based Prescient Solutions, who holds multiple certifications, including CGEIT.

More options, however, are still available for 2018. The Data Governance and Information Quality Conference (DGIQ2018), June 11-15, in San Diego, CA, is for experienced governance professionals seeking to refresh their skills and for any industry professional interested in custom governance-related solutions to make better oversight and investment decisions. In addition, global information systems association ISACA and The Institute of Internal Auditors (IIA) have once again collaborated to bring the 2018 Governance, Risk, and Control (GRC) Conference, Aug. 13-15, 2018, at the Omni Hotel in Nashville, TN, with an opportunity to earn up to 18 CPEs by attending. “[The GRC Con] offers an unrivaled opportunity to expand your network, build on your knowledge, and sharpen your skills,” states ISACA.

IT governance is quickly becoming one of the most important concerns, especially for larger organizations. As David Loshin, President of Knowledge Integrity, Inc. highlighted, “the need to govern and ensure the quality of data has never been greater.”

With its rigorous certification and re-certification requirements geared towards acquired experience, and the necessity to keep up to date with all the latest developments, the ISACA CGEIT certification is a highly recognized credential globally. It is among the “must-have” senior-level certifications for professionals who are pursuing higher positions in the field and have the training and skills to take a pivotal role in improving corporate governance practices.


