Framework for the Governance of Enterprise IT is the subject of the first domain of the ISACA’s Certified in the Governance of Enterprise IT (CGEIT) exam and constitutes 25% of the overall objectives of the exam. The main objective of this domain is to define, establish, and manage an IT governance framework in alignment with the vision, values, and mission of the enterprise. The following sections will take a deep dive into this first domain. The candidates should grasp these concepts thoroughly to pass their CGEIT exam and secure an elite score.

What Topics are Covered in This Domain?

This domain covers eleven (11) task statements and fourteen (14) knowledge statements. All of these topics are listed along with their short description below:

Domain 1: Task Statements 

  1. Ensure that a framework for the governance of enterprise IT is established and allows the achievement of enterprise goals and objectives to create stakeholder value, taking into account benefits realization, risk optimization, and resource optimization.
  2. Identify the requirements and objectives for the framework for the governance of enterprise IT, incorporating input from enablers such as principles, policies and frameworks; processes; organizational structures; culture, ethics, and behavior; information; services, infrastructure, and applications; people, skills, and
  3. Ensure that the framework for the governance of enterprise IT addresses applicable internal and external requirements (for example, principles, policies and standards, laws, regulations, service capabilities and contracts).
  4. Ensure that strategic planning processes are incorporated into the framework for the governance of enterprise IT.
  5. Ensure the incorporation of enterprise architecture (EA) into the framework for the governance of enterprise IT in order to optimize IT-enabled business solutions.
  6. Ensure that the framework for the governance of enterprise IT incorporates comprehensive and repeatable processes and activities.
  7. Ensure that the roles, responsibilities, and accountabilities for information systems and IT processes are established.
  8. Ensure issues related to the framework for the governance of enterprise IT are reviewed, monitored, reported and remediated.
  9. Ensure that organizational structures are in place to enable effective planning and implementation of IT-enabled business investments.
  10. Ensure the establishment of a communication channel to reinforce the value of the governance of enterprise IT and transparency of IT costs, benefits and risk throughout the enterprise.
  11. Ensure that the framework for the governance of enterprise IT is periodically assessed, including the identification of improvement opportunities.

Domain 1: Knowledge Statements

  1. Knowledge of components of a framework for the governance of enterprise IT
  2. Knowledge of IT governance industry practices, standards, and frameworks (for example, COBIT, Information Technology Infrastructure Library [ITIL], International Organization for Standardization [ISO] 20000, ISO 38500)
  3. Knowledge of business drivers related to IT governance (for example, legal, regulatory and contractual requirements)
  4. Knowledge of IT governance enablers (for example, principles, policies and frameworks; processes; organizational structures; culture, ethics, and behavior; information; services, infrastructure, and applications; people, skills, and competencies)
  5. Knowledge of techniques used to identify IT strategy (for example, SWOT, BCG Matrix)
  6. Knowledge of components, principles, and concepts related to enterprise architecture (EA)
  7. Knowledge of Organizational structures and their roles and responsibilities (for example, enterprise investment committee, program management office, IT strategy committee, IT architecture review board, IT risk management committee)
  8. Knowledge of methods to manage organizational, process and cultural change
  9. Knowledge of models and methods to establish accountability for information requirements, data and system ownership, and IT processes
  10. Knowledge of IT governance monitoring processes/mechanisms (for example, balanced scorecard (BSC)
  11. Knowledge of IT governance reporting processes/mechanisms
  12. Knowledge of communication and promotion techniques
  13. Knowledge of assurance methodologies and techniques
  14. Knowledge of continuous improvement techniques and processes

What is an IT Governance Framework?

IT governance framework is the type of framework that describes the methods and ways whereby CGEIT professionals can implement, monitor, and manage IT governance within their enterprise. ISACA defines enterprise IT governance as “the set of practices and responsibilities undertook by the top management to provide strategic direction, ensure the achievement of objectives and management of risks, and verify that enterprises use IT resources responsibly.” IT governance framework provides a roadmap to organizations and measures effectiveness and performance of the IT governance processes. Typically, an IT governance framework provides reference models for input and output of processes, performance measurement techniques, and key process objectives. Some popular and recommended IT governance frameworks for CGEIT candidates incorporate ISO/IEC 20000, ISO 38500:2008, ITIL, and COBIT.

Business Drivers Related to IT Governance: Today, enterprises rely heavily on IT to run their business operations, enable new strategic objectives, and compete and survive in the fast-moving marketplace. However, the management of complex IT technologies in today business environment is a difficult and daunting task. To help respond to these issues, several IT industry practices, standards, and frameworks have emerged. There are some best business drivers that play crucial roles in the development of these practices, standards, and frameworks. The following sections elaborate these business drivers in greater detail.

  • Keep Business Running: Sudden or temporary failure of IT systems due to technical faults or other disruptions has a great impact on business operations. For example, disruption of an email server in an enterprise can bring the communication system to a standstill. In case of more critical systems such as an internet banking server, the consequences can be even more devastating in terms of revenue loss and reputational damage. In the early days of technology, mainframe computers took an entire day to perform just a few calculations. Today, IT systems execute millions of instructions in few seconds. Therefore, these IT systems are indispensable for organizations to keep their businesses running.
  • Realize a Business Value: The ratio of failed vs. successful IT projects is unfortunately very high due to improper planning, high costs, and insufficient IT staff. Many projects don’t meet their target, remain incomplete, and oftentimes will never realize their expected benefits. Gartner estimates that enterprises waste billions of dollars annually on misdirected and unsuccessful new IT projects. To prevent these issues, organizations must adopt new strategies to make their IT initiatives successful and keep all potential issues into consideration.
  • Increased Regulatory Compliance: Over the past many years, a significant increase in legislation has been noticed and it has a greater impact on the business and use of IT. For instance, new General Data Protection Regulation (GDPR) incurs a huge fine on a non-compliant organization that discloses the sensitive data of any European Union (UN) citizen without his consent. To thwart penalties and reputational damage, regulatory compliance is a prerequisite for any organization.

Establish Accountability: Organizations involve IT governance and IT management to derive enterprise strategies. IT governance is used to set objectives, provide direction, and evaluate performance. On the other hand, IT management, including executives and board members, are tasked with a responsibility to translate the direction already set in the strategy, implement the strategy, and measure and report on its performance. Enterprises must establish accountability across all roles required to achieve an overall effective IT system. Typically, these roles encompass three groups of stakeholders, including investors, controllers, and deliverers/providers. All stakeholders and their interests should be in achieving IT governance initiatives that involve everyone in a group to diligently perform his or her specific role and responsibility to complete their IT tasks successfully.

Techniques Used for Identifying IT strategies: CGEIT candidates need to know two important techniques—namely, BCG Matrix and SWOT Matrix – to identify IT strategies. The BCG Matrix, also known as Growth-share Matrix, is used to provide a framework for analyzing products in accordance with growth and market value relative to the competitor. Analyzing the products helps enterprises in identifying which products gain profits and which are a drain on resources. On the other hand, SWOT Matrix or SWOT Analysis is utilized to identify the weaknesses, strengths, opportunities, and threats related to project planning or business competitors. In addition, SWOT Analysis specifies business objectives and identifies internal and external factors that are either favorable or unfavorable to achieve these objectives.

CGEIT Instant Pricing- InfoSec

Where Should I Focus My Time Studying in this Domain?

CGEIT candidates can make their study time easier and less stressful by improving the way they study. Whether the student’s optimal study time or sleep schedule, he/she should study with an established time schedule for each day, rather than relying on last-minute cramming.

Preparing for the CGEIT’s first domain (Framework for the Governance of Enterprise IT) efficiently and effectively will keep the candidates from feeling unprepared and set them on the path to success. For this to be done effectively, students should pay make sure to seek out the CGEIT Review Manual 7, which is the most recent version of this manual series. It is available on the ISACA Official Bookstore. In addition, the candidates would do well to see our article, “CGEIT Resources,” in order to best prepare for the CGEIT exam.


InfoSec Institute’s CGEIT Boot Camp Training is specifically designed to prepare students for ISACA’s certification on IT governance principles and practices. You can enroll in this course to acquire a professional CGEIT certification.

InfoSec Institute has been one of the most awarded (42 industry awards) and trusted information security training vendors for the 17 years.

InfoSec also offers thousands of articles on a variety of security topics.

Be Safe

Section Guide


View more articles from Fakhar

Earn your CGEIT the first time with Infosec and pass your exam, GUARANTEED!

Section Guide


View more articles from Fakhar