How To Become CGEIT Certified – Certification Requirements

March 30, 2018 by Mahwish Khan


Professionals in Governance, Risk Management, and Compliance careers who are looking to extend their knowledge of information technology (IT) governance principles and practices may consider taking the CGEIT exam to further their success.

The CGEIT certification, offered by the Information Systems Audit and Control Association (ISACA), shows potential employers that the applicant has proved to be effective in management, advisory, and assurance responsibilities within governance. The certificate holder is at a competitive advantage because the employer has tangible evidence that the applicant is proficient in the skills of their field. This will increase the likelihood of employment, as well as accelerate earnings and career growth.

Another advantage of acquiring the CGEIT certification is unlocking an elite peer network of governance professionals across the globe that can be utilized to gain leverage, knowledge, and proven tools from a community of experts.


Before gaining the rite of passage to embark on the journey of acquiring your CGEIT certification, a few precursors must be met. To apply for the certification, one must have five or more years of experience in a management, advisory, or oversight role, specifically in the IT domain. More specifically, additional experience in at least two of the CGEIT domains (Strategic Management, Profit Realization, Threat Optimization, and Resource Optimization) is necessary.

If you’ve taught at an accredited university instructing IT governance-related topics, every two years you teach counts toward one year of your IT governance experience. This exception can be utilized by professors that prefer educating students instead of the application of their acquired skills.

  1. Pass the Exam

Passing the CGEIT exam is the first step for many who wish to gain certification. Conveniently, you can take the exam before completing the required prerequisites, so many hopefuls tackle this task first, since many are college graduates with the terms and rudimentary knowledge fresh in their minds.

The exam’s questions are in multiple-choice format, with four options for each. Unlike some similar post-secondary examinations, there may be more than one plausible answer. However, one sole answer will always be the best choice. Each question is centered on a specific CGEIT domain, and questions don’t typically intertwine concepts. This structure results in correct answers being subtle, but not necessarily tricky.

A common strategy CGEIT test takers use is to filter out the answers that do not coincide with the domain in question, and then use principles within the correct domain to select the right answer.

Always keep in mind that the best answer to the question is the one associated with IT governance. The best result or outcome in general may not necessarily be the right answer. Always remember that the questions are about application in IT governance, not just generally speaking.

The exam also doesn’t expect you to have too deep an understanding of governance methodology and specific clauses. Use your broadest understanding of the questions posed, and select the answer that is most generally correct.

There’s also no penalty for wrong answers. So, if you’re running out of time, eliminate clearly incorrect answers, and make an educated guess from there on.

  2. Submit CGEIT Application to ISACA

Once you have achieved a passing score on the CGEIT exam, you must obtain a CGEIT application that can be downloaded from the ISACA website. This application must be completed and submitted within five years from the date that the exam was completed with a satisfactory score. If the time between passing the exam and completing the application exceeds a five-year gap, applicants will be required to retake the exam and resubmit their application once another passing score has been met.

In terms of the prerequisite experience required to be eligible for the CGEIT certification, that experience must be completed within 10 years prior to the application date.

If your application is denied, the ISACA has an appeal policy in place that can be used if you believe there was a mistake in the application denial or you have a complaint about the contents of the exam or test-taking site conditions.

  3. Adhere to ISACA’s Code of Ethics

The ISACA expects all CGEIT certificate holders to use appropriate standards and act professionally in their careers. In accordance with their code of ethics, this means always serving the interest of your stakeholders, maintaining confidentiality with knowledge gained throughout activities in your career, and making sure you are competent in your work. Those who do not respect the ISACA’s Code of Ethics may be subject to disciplinary action, possibly resulting in termination of their CGEIT certificate.

Upon obtaining your CGEIT certification, requirements must be met to maintain your status as a certificate holder.

  • A minimum of twenty CPE hours must be obtained and reported annually to the ISACA. These hours must be relevant in the IT governance domain. Although you only need to complete 20 per year, you must report 120 CPE hours after three years, so make sure you are putting in the necessary amount of time gradually throughout each three-year duration to meet that threshold. These hours can include educational courses, in-house corporate training, and other conferences and workshops.
  • Pay maintenance fees to the ISACA. These fees are $45 USD for members, and $85 for nonmembers. Membership fees for the ISACA cost between $68 – $135 plus local chapter dues depending on whether you are a student, recent graduate, or professional member of the organization.

  4. Participate in CPE Program

The ISACA hosts a plethora of professional events that certificate holders are encouraged to attend. These include seminars, conferences, workshops, and more. Be sure to obtain proof that you’ve attended these events, as they can be used toward your CPE hours.

  5. Comply with IS Auditing Standards

A random selection of CGEIT certificate holders is audited each year. They must provide proof that they have been meeting the criteria demanded by the CGEIT for twelve months prior to the 3-year reporting cycle. If you get selected, there are several pieces of information that should be included in your documentation.

  • Your name
  • Activity title
  • Name of the event’s sponsoring organization
  • Description
  • Date
  • Amount of CPE hours completed

The Verification of Attendance form is a useful tool for keeping adequate track of your activities.

Executing each of these steps successfully will lead you to become a CGEIT certificate holder and to maintain that status throughout your career. The value generated from this process stems from proof of competence in your field, heightened attention from potential employers, and more rapid growth in salary. Tapping into a network of like-minded people also proves useful in seeking mentorship and advice for other professionals. While it isn’t a process that should be taken lightly, the CGEIT proves very advantageous to accelerate your career.



Mahwish Khan is a Pharm-D graduate from The University of Faisalabad. She is experienced in technical writing. She currently works for a university as a technical trainer and documentation specialist. In the past, she has taught university writing courses and worked in two university writing centers, both as a consultant and administrator.
