ISACA’s New CGEIT Credential Meets Demands

The need for compliance, business and IT alignment, a better return on IT investments, stronger security, privacy and risk management, and more successful project execution are all driving executives to place a high priority on IT governance.

IT involves huge costs and significant risks, but it also offers tremendous value to the business and is critical to an organization’s survival. Companies rely on IT for competitive advantage and are increasingly viewing IT governance as a key component of enterprise governance.

To support the growing business demands related to IT governance, promote good IT governance practices and recognize skilled IT governance professionals, ISACA has developed a new certification: Certified in the Governance of Enterprise IT (CGEIT). The international nonprofit association serves more than 65,000 IT governance, assurance and security professionals, and established the designation after realizing the need for a credential in the IT governance profession.

“IT has become vital to the achievement of enterprise goals and delivery of benefits, and executives have realized that enterprise governance must be extended to IT as well,” said Howard Nicholson, chair of the CGEIT Certification Board. “ISACA performed extensive research and determined that there is a sound business need for a certification that recognizes expertise in the field of IT governance and helps enterprises identify and hire professionals who have IT governance knowledge and experience.”

Supported by the IT Governance Institute (ITGI) and built on ITGI’s intellectual property and input from subject-matter experts from around the world, the CGEIT designation is designed for professionals who have a significant management, advisory or assurance role relating to the governance of IT.

The credential focuses on the five areas of IT governance:

  • Strategic alignment: Ensuring the link between business and IT plans; defining, maintaining and validating the IT value proposition; aligning IT operations with enterprise operations; and establishing collaborative solutions to add value and competitive advantage and contain costs while improving efficiency.
  • Value delivery: Executing the value proposition throughout the delivery cycle; ensuring that IT delivers the promised benefits against the strategy; concentrating on optimizing expenses and proving the value of IT; and controlling projects and operational processes with practices that increase the probability of success.
  • Risk management: Ensuring risk awareness of senior corporate officers, a clear understanding of the enterprise’s appetite for risk, and transparency about the significant risks to the enterprise; establishing risk management responsibilities in the operation of the enterprise; and addressing the safeguarding of IT assets, disaster recovery and business continuity.
  • Resource management: Optimizing the investment, use and allocation of IT resources and capabilities (people, applications, technology, facilities, data) in servicing the enterprise’s needs, and maximizing the efficiency of these assets.
  • Performance measurement: Tracking project delivery and monitoring IT services using balanced scorecards that translate strategy into action, and measuring the relationships and knowledge-based assets necessary to compete in the information age.

It also focuses on frameworks that provide support for IT governance, such as Control Objectives for Information and related Technology (COBIT) and the IT Infrastructure Library (ITIL).

To earn the CGEIT certification, applicants must:

  1. Pass the CGEIT exam. (The first CGEIT exam will be administered in December 2008.)
  2. Adhere to the ISACA Code of Professional Ethics.
  3. Agree to comply with the CGEIT continuing education policy.
  4. Provide evidence of appropriate IT governance work experience as defined by the CGEIT job practice.

Five years of experience managing, serving in an advisory or oversight role, or otherwise supporting the governance of the IT-related contribution to an enterprise is required for certification. This experience is defined specifically by the domains and task statements described in the CGEIT job practice.

A minimum of one year of experience relating to the development or maintenance of an IT governance framework is required.

Additional broad experience directly related to any two or more of the remaining CGEIT domains is also required:

  • Strategic Alignment.
  • Value Delivery.
  • Risk Management.
  • Resource Management.
  • Performance Measurement.

Individuals can take the CGEIT exam prior to earning the above work experience. However, work experience must be earned during the 10-year period prior to application for CGEIT certification.

To recognize other management experience or the achievement of specific IT governance-related credentials, advanced (postgraduate) degrees and certificates, up to two years of the five years of required IT governance experience can be substituted.

Specifically, each of the following will qualify (substitute) for one year of IT governance experience, with a maximum of two years of substitutions being accepted.

Management experience that is not specific to IT governance, such as performing consulting, auditing, assurance or security management duties, will qualify for up to one year of substitution.

Credentials (in good standing), advanced (postgraduate) degrees and certificate programs that include an IT governance and/or management component or are specific to one or more of the CGEIT domains will qualify for up to one year of substitution. These include:

  • Certified Information Systems Auditor (CISA), issued by ISACA.
  • Certified Information Security Manager (CISM), issued by ISACA.
  • ITIL Service Manager certification program.
  • Chartered Information Technology Professional, issued by the British Computer Society.
  • Certified Information Technology Professional (CITP), issued by the American Institute of Certified Public Accountants (AICPA).
  • Project Management Professional (PMP), issued by the Project Management Institute.
  • Postgraduate degree from an accredited university in information technology or management (such as an MBA or CIO certificate program).
  • Implementing IT Governance Using COBIT and Val IT certificate, issued by ISACA (available in 2008).

Applicants who have earned or acquired other credentials, degrees or certificates that include a significant IT governance or management component and that are not listed above are welcome to submit them to the CGEIT Certification Board for consideration.

A grandfathering provision, through which individuals who are highly experienced in the governance of IT may apply for the certification without taking the exam, is now available at Several hundred applications have been received in the two months since the grandfathering program began, and applications will continue to be considered through fall 2008.

To earn the CGEIT certification during the grandfathering period, an applicant must:

  • Have and submit evidence of management, advisory or oversight experience associated with the governance of the IT-related contribution to an enterprise. Eight years of such experience is required and is defined and described specifically by the CGEIT job practice domains and task statements. Specifically necessary is a minimum of one year of experience relating to the development or maintenance of an IT governance framework and additional broad experience related to any two or more of the remaining CGEIT domains. To recognize other management experience or the achievement of IT governance-related credentials, advanced degrees and certificates, up to three years of experience can be substituted (as described above).
  • Describe his or her experience managing, providing advisory or assurance services, or otherwise supporting the governance of an enterprise’s IT.
  • Adhere to the ISACA Code of Professional Ethics.
  • Agree to comply with the CGEIT continuing education policy.
  • Pay an application fee.

John Lainhart is a past president of ISACA and ITGI, and currently is a member of the IT Governance Committee. He is also a partner in the security, privacy, wireless and IT governance service area at IBM Global Business Services, and is certified in CISA, CISM, CGEIT and CIPP/G. He can be reached at editor (at) certmag (dot) com.


  • balram choudhary

    I would like to know the domain details which would like to be asked in Exam, if you can share syllabus that will be great.

    I am an MBA-Finance & IT, with 12+ years of experience in IT