In today’s business world, the IT department is no longer viewed simply as the group that meets the computer, network, and data needs of the corporation. It is also viewed as a critical function for meeting the business objectives. This is known as “IT Governance”, and it can be defined as follows:

“Information technology governance (IT governance) is the collective tools, processes and methodologies that enable an organization to align business strategy and goals with IT services, infrastructure or the environment . . . it also optimizes IT in such a way that it supports, complements or enables an organization to achieve its goals and objectives”


As the definition shows, the main objective is to make sure that the IT goals and objectives are in line with the business ones. This is not an easy task to accomplish, and the skill set needed to bring all of this together is in high demand. Because of this, there is a specific cert for it, known as the “Certified in the Governance of Enterprise IT”, or “CGEIT”.


The CGEIT is currently offered by the Information Systems Audit and Control Association, also known as ISACA. The following are the typical job titles for which the CGEIT is geared:

  • IS/IT Directors
  • IS/IT Consultants
  • IS/IT Executives
  • IS/IT Managers
  • IT Governance Managers

Specifically, the individuals with these job titles must “. . . play a significant role in managing, advising and/or assuring IT governance.” (SOURCE:,2-646-3.html).

In fact, one must have at least five years of related work experience. One year must be spent directly managing the frameworks that make up enterprise IT governance within a business entity. The other four years of work experience must include carrying out the duties and tasks in two out of four domains that are covered in the cert exam (as reviewed in the next section).

However, there is some flexibility in these requirements:

  • If you teach IT Governance at an accredited college or university, two full-time years of instruction can be counted towards one year of CGEIT-related work experience;
  • If you have other kinds of management experience related to IT Governance, or if you have an advanced degree or other IT certs (such as the CISSP, CISA, CSX [Cybersecurity Nexus], CSX-P [CSX Practitioner], CRISC, CISM, etc.), this can also substitute for up to two years of CGEIT-related work experience.

It is important to note that even if an individual does not possess all of the required work experience, he or she can still take the cert exam. If they pass, they will not be awarded the cert until all the work-related requirements have been fulfilled.

The following list outlines other details of the CGEIT:

  • Other Prerequisites:

The candidate must adhere to the following:

* The ISACA Code of Professional Ethics

* Compliance with the CGEIT Continuing Education Policy

  • Exam Type:

There is only one exam, which consists of 150 multiple choice questions. The candidate has only 4 hours in which to complete the exam.

  • Exam Cost:

For members of ISACA, the cost is $575.00; for non-members it is $760.00.

  • Required Passing Score:

The candidate must obtain a minimum passing score of 450.

  • The recommended study guide is:

The CGEIT Review Manual, 7th Edition, published by ISACA.

CGEIT Domain Overview

The CGEIT covers five specific domains, of which the candidate must have a thorough knowledge. This section outlines them, but the specifics and details of each domain will be covered in a future article. The domains for the CGEIT are as follows:

  • Domain 1, Framework for the Governance of Enterprise IT:

This area covers the frameworks that are needed in order to establish proper governance of the IT infrastructure. This also includes making sure that the correct checks and balances are in place to ensure that the IT governance objectives are in line with the mission statement of the business or corporation.

  • Domain 2, Strategic Management:

This area covers the functionalities that are needed to support the integration and the alignment of the IT plans with the enterprise plans.

  • Domain 3, Benefits Realization:

This area covers the Key Performance Indicators (KPIs) that are required to make sure that the investments made into the IT infrastructure will yield the expected benefits to the enterprise.

  • Domain 4, Risk Optimization:

This area covers the frameworks that are required to align the IT infrastructure risk management plan with the enterprise risk management plan. From here, these risks are then identified and mitigated as much as possible.

  • Domain 5, Resource Optimization:

This area covers the tools that are required to help optimize the IT resources (which include the hardware, software, and all relevant applications), and to ensure that they support the attainment of enterprise-wide objectives.


This article has provided an overview of the CGEIT cert. It is a very niche type of cert, as there are only 5,500+ people in the world who possess it. The breakdown can be seen in the following matrix:

| Geographic Region | Total Number of CGEIT Cert Holders |
| --- | --- |
| Asia | 920 |
| South/Central America | 320 |
| Europe/Africa | 1,580 |
| North America | 2,450 |
| Oceania | 180 |



Be Safe

Section Guide

Das (writer/revisions editor)

View more articles from Ravi
